The newly formed Sears Holdings picks Kmart C10 
Karen Austin to manage its IT operations. 


Most of the $25 million that Bonneville Power spent on 
a software rollout is water over the dam now. 
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Users Seek Answers 
Krom New HP CE 


Former NCR exec Hurd says he will emphasize | 


user needs and financials but offers few details 
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BY PATRICK THIBODEAU | Ten customers interviewed af- 
ter HP announced his hiring 

| said they want answers to 
questions about the company’s 
overall direction and its plans 
for specific product lines. 

They also offered plenty of 

advice for Hurd, including sug- 
gestions that he get 
HP out of the PC busi- 
ness and make it more 
customer-oriented 
than it was under 
former CEO Carly 
Fiorina. 

The clock is ticking 
for HP, said Gary Pila- 
fas, a senior storage 
and systems architect 


Mark Hurd, who took over as 
Hewlett-Packard Co.’s CEO 
last week, said one of his first 
priorities will be meeting with 
HP’s employees, customers 
and partners over the coming 
weeks and months. 
“Don’t expect to see a 
lot of me right now,” 
he bluntly told re- 
porters before ending 
a press conference. 
HP users said they 
will be ready for Hurd, 
who until last Tuesday 
was president and 
CEO of NCR Corp. 


Microsoft Fills 
In ros Unde 


BY CAROL SLIWA 
IT managers will find several 
tools designed to help them 
protect systems from security 
threats in the first service 


tem ute} 
“relentless fo- 
rTM ART tl om 


pack update for Windows 
Server 2003, which Microsoft 
| Corp. released last week — 
nearly two years after the 
operating system’s debut. 
Some users said Service 
Pack 1 could reduce the need 
to augment Windows Server 
2003 with third-party security 
| software. New features in SP1 
OS Update, page 49 
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| Hurd provides 





at UAL Loyalty Services Inc., 
a unit of United Air Lines Inc. 


| Hurd “needs to define their 


future and get the word out 

quickly,” Pilafas said, adding 

grin that he thinks 
NOIL HP should spin 
AbookbyMark off its PC oper- 
ations in order 
to “focus on the 


profitable units.” 
HP CEO, page 16 


Comdex ’05 
Cancellation 
Draws Yawns 


Users say they don’t 
miss s once-vital show _ -vital show 


BY TODD R. WEISS 

No Comdex this November? 
No problem, IT managers said 
last week after the Las Vegas 
trade show was canceled for 
the second straight year. 

They added that the one- 
time main event in the com- 
puter industry had lost its fo- 
cus in recent years, becoming 


| a showcase for products and 


technology that were of little 
interest to corporate IT. 
Bob Schwartz, CIO at Pana- 
sonic Corporation of North 
Comdex, page 49 
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INVASION 0: 
iSCSIARRAY 


Early adopters say 
iSCSI has become a strong 
rival to Fibre Channel for 
low-end, midrange and 
departmental storage. 
By Robert L. Mitchell 








The world’s most-deployed server platform now supports 
64-bit applications. The Intel® Xeon” processor now 
works harder for your business than ever. With innovative 
platform features that enable power-saving 
options, flexible memory, !/O and storage configurations. 
And, of course, continued support 
for all your existing 32-bit applications 
How can Intel Xeon processor-based servers serve you? 
intel.com/go/xeon 
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Open Ticket for Continental 
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that included a 64-bit MySQL database server, says Michael 
McDonald, the company’s director of technology. Page 24 
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the nod to lead IT operations 
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Electricity provider Bonne- 
ville Power Administration 
abandons much of a $25 mil- 
lion software system. 


Companies are slowly start- 
ing to talk about replacing 
core applications with newer 
systems, signaling a thaw in 
the IT spending freeze. 
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end virtualization platform. 
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Explorer, Outlook 
Flaws Probed 


Microsoft Corp. is investigating a 
new set of potentially serious se- 
curity flaws in Internet Explorer 
and Outlook reported by security 
company eEye Digital Security. 
The flaws in the browser and 
e-mail client could let an attacker 
take control of a system with 
minimal action from the user, 
according to eEye. The flaws are 
ranked as high risk. 


Intel to Abide by 
Japanese Ruling 


Intel Corp.’s Japanese subsidiary 
has agreed to accept recommen- 
dations made by the Japan Fair 
Trade Commission as part of an 
investigation into alleged unfair 
business practices by Intel. The 
chip maker said it disagrees with 
findings that it restrained compe- 
tition in the Japanese PC chip 
market but intends to abide by the 
cease-and-desist provisions of the 
recommendation. 


MCI to Consider 
Latest Qwest Bid 


MCI Inc. will consider a new bid 
from Qwest Communications In- 
ternational Inc., even though MCI 
has twice said that it intends to be 
acquired by Verizon Communica- 
tions Inc. Just days after accept- 
ing a Verizon bid for a second 
time, MCI said it will “re-engage” 
in merger talks with Qwest. Qwest 
on Thursday increased its bid for 
MCI to $8.9 billion, about $1.3 bil- 
lion more than Verizon’s offer. 


Berkeley Hit With 
Student Data Theft 


Officials at the University of Cali- 
fornia, Berkeley, are notifying 
more than 98,000 graduate stu- 
dents and applicants about the 
theft of a laptop computer con- 
taining their names, Social Secu- 
rity numbers and other informa- 
tion. Officials said no reports have 
been received about misuse of 
the data. The laptop was stolen 
March 11 from a restricted area. 








Oracle Joins Rush to 


Oblix — furthers — trend; 





BY JAIKUMAR VIJAYAN 
RACLE CORP’’S pur- 
chase of Oblix Inc. 
for an undisclosed 
sum last week is 

part of a movement among 

major IT vendors to address 
growing user demand for 

identity and access manage- 
ment software, analysts said. 

The acquisition gives Ora- 
cle a range of software sup- 
porting capabilities, such as 
single sign-on and federated 
identity management. Cuper- 
uno, Calif.-based Oblix has 
about 100 employees and 
claims to have more than 150 
customers, including The Boe- 
ing Co., Burger King Corp. and 
The Coca-Cola Co. 

The Oblix software comple- 
ments a set of tools that Ora- 
cle already sells and will allow 
it to offer users identity man- 
agement functionality for non- 
Oracle applications, middle- 
ware and databases, said 
Thomas Kurian, a senior vice 
president at the software ven- 
dor. That includes the People- 
Soft and J.D. Edwards applica- 
tions that Oracle acquired ear- 
lier this year, Kurian said. 


Positive Results for Users 


Purchases of so-called bou- 
tique vendors such as Oblix by 
larger, more well-established 
companies usually have posi- 
tive results for users, said an 
IT manager at a large travel- 
industry company that uses 
Oblix’s technology. 

“The tools mature techni- 


cally and functionally due to 


increased funding,” said the IT 
manager, who asked not to be 
identified. “And it allows us to 
better leverage the relation- 
ships already established with 
our larger long-term vendors.” 
Oracle’s acquisition plays 
into a growing corporate in- 
terest in tools that combine 
access control for Web appli- 





cations with functions for ad- 
ministering the separate iden- 
tity credentials associated 
with legacy applications run- 
ning on mainframes and other 
systems, said Roberta Witty, 
an analyst at Gartner Inc. 

“The need to comply with 
regulations is forcing identity 
and access management to the 
forefront at every organiza- 
tion,” Witty said, referring to 
the mandates of laws such as 
the Sarbanes-Oxley Act. 

Oracle is the latest in a line 
of large vendors that have 
added to their identity man- 
agement capabilities through 
acquisitions. 

On March 23, BMC Software 
Inc. announced that it had 
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bought OpenNetwork Tech- 
nologies Inc., a Clearwater, 
Fla.-based vendor of Web ac- 
cess-control and single sign-on 
tools, for an undisclosed price. 

That followed a January 25 
deal in which BMC acquired 
Calendra, a Paris-based devel- 
oper of federated identity 
management software, for 
$33 million in cash. 

Computer Associates In- 
ternational Inc. purchased 
Waltham, Mass.-based identity 
management vendor Netegrity 
Inc. for $430 million last No- 
vember. And last week, CA 
said it had bought software for 
identifying and deleting obso- 
lete or rogue user IDs on 
mainframes from InfoSec Inc. 
in North Barrington, Ill. The 
two companies didn’t divulge 
the purchase price. 

In addition, IBM, Sun Micro- 








ID Check 


emu 
management functions, 
Tere Mu clei er-eicre [are (cy 
RSTO IMS merece ate Leg) 
and user provisioning. 


Supports federat- 
ed identity management. 


Manages access to 
Web services. 


| systems Inc. and Hewlett- 


Packard Co. have all made 
identity-related purchases 
over the past two years. 
“Clearly, ID management is 
becoming a big-company mar- 
ket,” said Phil Schacter, an an- 
alyst at Burton Group in Mid- 
vale, Utah. He added that 
small vendors “have difficulty 
growing fast and investing in 
the marketing infrastructure 
to be able to compete with 
the likes of CA and IBM.” 
@ 53531 





Kmart CIO Gains Top IT 
Job at Sears Holdings 


Austin to manage 
tech operations; 
Kelly exits retailer_ 


BY CAROL SLIWA 
Karen Austin, who had been 
the CIO at Kmart Holding 
Corp., was given the reins of 
the IT department at the new- 
ly formed Sears Holdings 
Corp. when Kmart completed 
its merger with Sears, Roe- 
buck and Co. late last month. 
Sears CIO Gerald Kelly Jr. 
left the combined company 
shortly after the deal closed 
on March 24, according to 
Sears Holdings spokesman 
Christopher Brathwaite. When 
Kmart and Sears announced 
their merger plans last No- 
vember [QuickLink 50943], it 
was unclear whether Austin 
or Kelly would emerge as the 
leader of IT operations. 
Austin, 43, is a 21-year IT 
veteran at Kmart and became 


| 
| 


CiO there in April 2002. In her 
expanded position, she will re- 
port to Aylwin Lewis, presi- 
dent of Sears Holdings and 
CEO of Kmart and Sears Retail. 
Brathwaite said it’s too early 
to comment about the degree 
to which the systems at Kmart 
and Sears will be integrated. 
The new company is 
still “working through 
the various layers of 
the structure of this or- 
ganization” and has yet 
to determine what the 
top IT priorities will be 
going forward, he said. 
David Hogan, senior 
vice president and CIO 
at the National Retail 
Federation in Washing- 
ton, said he expects 
that the two retailers 
will find synergies 
from a sourcing and 
supply chain perspec- 
tive. “If I had those two 
organizations, I would 
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OUT 


over time just take a look from 
a process-improvement per- 
spective where the low-hang- 
ing fruit is and go after that,” 
Hogan said. 


Sparse Initiatives 

Major IT initiatives were 

sparse during Austin’s three- 

year tenure as Kmart’s CIO, as 

the retailer battled to emerge 

from bankruptcy protection, 

which it finally did last May. 

One of the most recent proj- 
ects at the company 
was a redesigned Web 
site that its e-com- 
merce team built with 
help from Fry Inc. and 
launched the same 
week the merger was 
announced. 

At Sears, Kelly 

had made some bold 
moves after being 
named CIO in October 
2002. For example, he 
orchestrated a 10-year, 
$1.6 billion IT out- 
sourcing deal with 
Computer Sciences 
Corp. in March 2004. 

| @ 53529 
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Energy Supplier Switches Gears on Software Rollout 


Bonneville Power drops $25M system, 
turns to hosted apps to meet mandates 


BY MARC L. SONGINI 
Electricity provider Bonne- 
ville Power Administration 
(BPA) recently abandoned a 
controversial $25 million soft- 
ware system that handled en- 
ergy scheduling, transaction 
management and transmission 
availability. 

In 1999, the Portland, Ore.- 
based BPA and Houston-based 
software vendor SoftSmiths 
Inc. started work on the so- 
called Electricity Transaction 
Management System (ETMS). 
The project was slated to cost 
$12 million and last one year. 
Nearly five years and $25 mil- 
lion later, the ETMS was most- 
ly scrapped last November. 

“Our challenge was to en- 
gage a system that was flexible, 
rapid and accurate,” said BPA 
spokesman Edward Mosey. 
“The ETMS didn’t deliver the 
necessary performance levels.” 

The new system was to re- 
place a 30-year-old home- 
grown mainframe-based sys- 
tem that required transaction 
orders to be phoned in, faxed 
or e-mailed. That system 
didn’t comply with federal 
regulations requiring greater 
speed and better visibility into 
transmission availability. 

Late last year, the BPA 
turned to an alternative host- 
ed system from Minneapolis- 
based Open Access Technolo- 
gy International Inc. (OATI) 
that went live in February and 
is already meeting the BPA’s 
needs. 

The BPA, which is overseen 
by the '1.S. Department of En- 
ergy, provides wholesale elec- 
tricity throughout the North- 
west and must comply with 
regulatory requirements to 
provide greater efficiency in 
its transmission business. 


Valuable Experience 
Despite the failure of the ini- 
tial effort, BPA officials said it 
was valuable to the operation. 
“BPA views the $25 million 
spent on the ETMS as a cost 
of implementing a scheduling 


automation system that meets 
its needs,” said Mosey. 

He noted that the BPA spent 
significant sums to create re- 
quirements-definition and re- 
finement specifications that 
remain useful. “One result was 
that we have put into place a 
stronger project management 
organization to oversee IT 
projects,” Mosey said. 

According to regulatory 
mandates, the BPA needed to 
fully support electronic tag- 
ging for each transaction by 
January 2005 — a deadline it 
would have badly missed had 
it not turned to the hosted sys- 
tem. Electronic tags track 
ownership of power from the 
source to the user. 

“We have to track each and 
every transaction accurately 
and promptly. We worked 
through the challenges with 
SoftSmiths until we came to 


the conclusion that an alterna- 
tive, the OATI, would better 
meet our needs,” Mosey said. 
He didn’t blame the problems 
on SoftSmiths but said that 
performance and other issues 
arose because of the cus- 
tomization required. 

In the long run, the hosted 
system will cost less, Mosey 
said, although he declined to 
disclose the projected costs. 

The ETMS was the subject 
of criticism in a February 2004 


audit report from the Depart- 


ment of Energy’s inspector 


general. The report charged 
that the project’s management 
“lacked a comprehensive proj- 
ect plan and system develop 
ment and implementation 
procedures.” The ETMS was 
incapable of meeting “the de- 
mands of the automated, 
deregulated business environ- 
ment,” the audit stated. 

The inspector general wasn't 
alone in raising a ruckus about 
the delays and costs associat 
ed with the ETMS. “In the 
past, I was ballistic over the 
handling of it — four years 





Users Prepare to Buy as Budgets Thaw 


Desire for new 
functionality 
drives moves to 
replace core apps 


BY THOMAS HOFFMAN 
A thaw in the four-year IT 
spending freeze is becoming 
more evident as companies 
are slowly beginning to look at 
replacing core applications 
with newer systems that offer 
improved functionality and 
scalability, [T managers and 
analysts said last week. 

At the same time, some or- 
ganizations are using Web ser- 
vices and service-oriented ar- 
chitectures to extend some 
older applications in addition 
to installing new ones. 

For instance, DTE Energy 
Co. in Detroit is deploying 

ERP software from SAP AG to 
| replace five financial systems, 
| two mainframe supply chain 

management systems and one 


human resources system, said 
CIO Lynne Ellyn. 

The energy supplier is also 
replacing two distribution op- 
erations systems and nine im- 
plementations of a plant work 
management system with 
Maximo, an asset and service 
management system from 
Bedford, Mass.-based MRO 
Software Inc., she said. 

DTE Energy is simultane- 


| ously harnessing Web services 


to help it develop applications 
for functions that few, if any, 


} commercial systems can auto- 


mate, said Ellyn. 


| Varied Predictions 


In a survey of 118 senior finan- 


| cial executives published late 


last month by Iselin, N_J.- 


based Siemens Financial Ser- 


vices Inc., 73% of the respon- 
dents said they expect to have 
shorter replacement cycles for 
software over the next five 
years. 

But Bill Zadrozny, president 


and CEO of the Siemens AG 
unit, which offers financing for 
hardware and software pur- 
chases, said he hasn’t seen any 
significant increases in soft- 
ware spending from Siemens’ 
users so far this year. 

“We’re hearing it from cus- 
tomers, but we’re not seeing it 
yet,” Zadrozny said. 

Fenella Scott, an analyst at 
AMR Research Inc. in Boston, 
said the frequency of software 
replacement cited in the 
Siemens survey “seems a little 
aggressive.” She estimated 
that roughly 5% of AMR’s 
manufacturing industry cus- 
tomers plan to replace their 
core packaged applications 
over the next 12 months. 

Harrah’s Entertainment Inc. 
is making increased use of 
middleware from vendors 
such as Tibco Software Inc. to 
more closely integrate its ex- 
isting systems, said Tim Stan- 
ley, vice president of IT and 
CIO at the Las Vegas-based 


COMPUTERWORLD April 4, 2005 


and $25 million down the 
drain,” said ferry Leone, man- 
ager of the Public Power 
Council, which represents 114 
consumer-owned utilities that 
use the BPA’s service. “I un 
derstand that now the new 
system is up and running and 
that it he BPA folks’ 


needs. [f this is indeed the 


inswers 
case, then | am happy,” he said 

SoftSmiths defended its 
work on the project. “Soft 
Smiths delivered all products 
and services as contracted by 
the customer,” said a company 
spokesman via e-mail. 

“SoftSmiths’ products per- 
formed as designed,” he wrote. 
“Products delivered provided 
Bonneville Power Administra 
tion Transmission the capabil- 
ity to increase the level of 
automation it utilizes in its 
scheduling processes in accor 
dance with management's im- 
plementation schedule and 
transition plan.” 

The spokesman added that 
the $25 million price tag didn’t 
solely include payments to 
SoftSmiths; some of it went to 


other contractors. @ 53525 


gaming and hotel company. 

But Harrah’s is also upgrad- 
ing its core off-the-shelf appli- 
cations more frequently in 
order to migrate to newer 
versions that Stanley hopes 
will contain fewer bugs “and 
put us on a more predictable 
path.” 

Other CIOs, such as John 
Schille at American Fidelity 
Assurance Co. in Oklahoma 
City, said they aren’t planning 
to increase software replace- 
ment over the near term be- 
cause their applications are 
working as expected. 

Kathy Quirk, an analyst at 
Nucleus Research Inc. in 
Wellesley, Mass., said, “What 
I’m seeing is that a lot of com- 
panies are selectively replac- 
ing software, depending on 
the business need.” That in- 
cludes instances where com- 
panies are consolidating mul- 
tiple packages of CRM and 
other types of software onto 
a single platform or are up- 
grading various business users 
onto the same version of a sys- 


tem, she added. @ 53501 
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HDS to Unveil High-End 
Virtualization Platform 


IBM, NetApp elbow into the spotlight 
with lesser storage announcements 





BY LUCAS MEARIAN 
ITACHI Data Sys- 
tems Corp. today 
is expected to an- 
nounce the avail- 
ability of a network-attached 
storage (NAS) blade for its 
high-end virtualization stor- 
age platform. The new blade 
for the TagmaStore array al- 
lows file-level data transfers 
to back-end storage. 

The blade is the first HDS- 
developed NAS offering. The 
company will continue to sell 
third-party NAS products un- 
der a reseller agreement with 
Network Appliance Inc. 

Meanwhile, NetApp and 
IBM tried to take some of the 
luster off of HDS’s entry into 
the NAS market by making 
some lesser announcements. 
IBM said it plans to add tape 
management to its SAN File 
System by year’s end, and 
NetApp announced the re- 
naming of its SAN/NAS gate- 
way product. 

Gary Pilafas, a senior stor- 
age and systems architect at 
UAL Loyalty Services Inc., an 
Arlington Heights, Ill.-based 
unit of United Air Lines Inc., 
said he will evaluate the new 
NAS blades for use with one 
TagmasStore array in produc- 
tion and two others that the 
airline recently purchased. 

Pilafas said he hopes the 
blades can simplify his envi- 
ronment by managing the 
replication of block- and file- 
level data through a single 
interface. 

“You don’t have to have an- 
other appliance in front of 
your SAN with five 9s avail- 
ability this way,” Pilafas said. 

Each of the TagmaStore’s 
NAS blades scales to 512TB of 
capacity, and the array can 
hold up to eight blades, said 
Claus Mikkelsen, senior direc- 
tor of storage applications at 





Santa Clara, Calif.-based HDS. 

As an example of its pricing 
plan, HDS said a new NAS 
blade with 1.2TB capacity will 
list for $86,700. 


Developments at IBM 

For its part, IBM disclosed 
plans to add tape management 
systems to the SAN File Sys- 
tem. It also announced that it 
sold its 999th and 1,000th SAN 
Volume Controller (SVC) vir- 
tualization appliances. The 
buyer was the internal IT shop 
at Cisco Systems Inc.; ironical- 
ly, Cisco has been feverishly 
pitching its own virtualization 
device embedded in its line of 


| MDS 9000 storage switches. 

A spokeswoman for Cisco’s 
IT group, who wouldn't dis- 
cuss the competition between 
the IBM and Cisco offerings, 
said the sales agreement for 
the IBM SVC was just signed 
and the appliance hasn’t yet 
arrived. Cisco will use SVC 
along with other virtualization 
systems for data migration 
and replication, she said. 

Brian Perlstein, a senior 
technology consultant at Oak- 
wood Healthcare System in 
Dearborn, Mich., hopes to add 
the tape management function 
to his IBM SAN File System 
appliance. Perlstein also uses 
two SVC appliances to pool 
storage from an all-IBM stor- 
age-area network that includes 





high-end and midrange arrays. 





Perlstein said that adding 
tape to the virtualization layer 
would let him simplify his in- 
frastructure, which includes 
an IBM 3584 tape library. 

Rick Villars, an analyst at 
IDC in Framingham, Mass., 
said IBM’s announcement sig- 


Virtualization 


= HDS adds a NAS blade to its 


to its SAN File System by year’s 
end; announces its 1,000th 





nals a maturation of virtualiza- 
tion, which creates a layer of 
abstraction between applica- 
tion servers and back-end 
storage. 


Name Change at NetApp 
Meanwhile, Sunnyvale, Calif.- 
based NetApp last week 
changed the name of its virtu- 
alization appliance from the 
gFiler to the V-Series. NetApp 
also pledged that the V-Series 
will support IBM, EMC Corp. 
and Hewlett-Packard Co. ar- 
rays by midyear. The appli- 
ance now supports HDS ar- 
rays. The device acts as a vir- 
tualization layer between ap- 
plication servers and a hetero- 
geneous storage architecture. 
Jeff Hornung, vice president 
of enterprise file services and 
storage networking at NetApp, 
said that the company plans to 
integrate a distributed file sys- 
tem from Spinnaker Networks 
Inc. into the V-Series by the 
end of the year. NetApp ac- 
quired Spinnaker last year. 


@ 53505 


Bridgestone Europe Turns to India for SAP Support 


IT executive at 
tire maker says no 


layoffs are planned | 


BY PATRICK THIBODEAU 

The European unit of Bridge- 
stone Corp. plans to outsource 
support and maintenance of 
its SAP ERP system to an off- 
shore firm in India, but the de- 
cision isn’t expected to lead to 
any layoffs of IT staffers at the 
tire maker. 

Bridgestone Europe will 
turn over management of 
its SAP AG applications to 
Satyam Computer Services 
Ltd. in Hyderabad, India, the 
two companies announced 
last month without disclosing 
any financial details. 

The three-year agreement 
will let Bridgestone Europe 
“free up resources to focus on 
new requests and new de- 
mands,” said Joe O’Neill, IT 
director at the Brussels-based 
unit. 

O’Neill said that having the 
internal IT staff deal with SAP 


support issues isn’t adding any 
value to Bridgestone Europe’s 
business operations. Whether 
SAP problems are handled in 
Brussels or offshore “doesn’t 
really matter to the business 
user, provided he gets a reso- 
lution,” O’Neill said. 

Because Bridgestone’s SAP 
support operations are cen- 
tralized in Brussels, shifting 
the work to India won't be dif- 
ficult, he added. “We already 
have, I would say, a near-shore 
support organization within 
our own organization,” O’Neill 


| said. 


Bridgestone has six manu- 
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b We already 


have, | would 
Say, a near-shore 
support organiza- 
tion within our own 
organization. 
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JOE O'NEILL, IT DIRECTOR, 
BRIDGESTONE EUROPE 





facturing plants, a technical 
center and numerous sales 
and distribution facilities 
throughout Europe; its Euro- 
pean ERP system supports 
about 2,000 end users. 

Moving support for pack- 
aged applications offshore is 
an increasingly common IT 
strategy, said Atul Vashistha, 
chairman and CEO of NeoIT 
Inc., a San Ramon, Calif.-based 
consulting firm that advises 
companies on offshore out- 
sourcing. At first, many off- 
shore initiatives were focused 
on support of custom applica- 
tions, Vashistha said. 

“Now we're starting to see 
significant-size, longer-term 
ERP support and maintenance 
deals happening,” he said, not- 
ing that many offshore actions 
aren’t made public. 

O'Neill said Bridgestone 
Europe is in a transition phase 
on the support shift, finalizing 





agreements with Satyam and 
getting the processes in place 
to complete the move. 

“Even though people’s jobs 


aren’t threatened by this, 
there’s still a need for people 
to adapt,” he said. 
Bridgestone didn’t disclose 
an estimated cost savings from 
the offshore deal, nor would 
O’Neill discuss the new proj- 
ects that internal SAP support 
staffers will work on. But he 
said some of the expected 
benefits will arise from the 
company’s ability to direct 
more of its internal resources 
toward other IT needs. 
Manish Mehta, a director 
and senior vice president at 
Satyam, said the company has 
been providing SAP support 
for nearly six years and has 
more than 1,700 employees 
working in its SAP practice. 
The company has about 100 
SAP clients, he added. 
@ 53533 


MORE OUTSOURCING NEWS 


To read more about this topic, visit the 
Outsourcing Knowledge Center on our 
Web site: 
QuickLink a2290 
www.computerworld.com 
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Equity Firms Invest 
$350M In Lenovo 


Three U.S. private equity firms 
said they will invest $350 million 
in China’s Lenovo Group Ltd. to 
help fund its takeover of IBM’s PC 
business. Texas Pacific Group, 
General Atlantic Partners LLC and 
Newbridge Capital Group LLC will 
collectively own about 10% of 
Lenovo when the deal closes. 
Lenovo will use $150 million to fi- 
nance its IBM purchase and the 
rest for working capital. 


Google Buys Web 
Analytics Toolmaker 


Google Inc. has acquired Urchin 
Software Corp., a Web site ana- 
lytics system developer. Terms of 
the deal, which is expected to 
close in April, weren't disclosed. 
Urchin’s software is used to pro- 
vide data on user experience and 
allow the optimization of content 
and Web marketing. The system is 
used by more than 1 million sites 
worldwide. 


i2 Technologies 
Cutting 300 Jobs 


Supply chain vendor i2 Technolo- 
gies Inc. has begun a round of lay- 
offs that will see as much as 15% 
of its 2,000-person workforce 
eliminated. The struggling soft- 
ware vendor notified most employ- 
ees of the layoffs last week, the 
end of its first quarter. The layoffs 
will be companywide and aren’t 
focused on any one business unit 
or geographic region. 
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SunGard Agrees ; 
To $11.3B Buyout 


SunGard Data Systems Inc. said 
its board of directors has approved 
a $11.3 billion buyout offer from 
seven investment firms. SunGard 
officials said that no layoffs are 
planned and that they are aban- 
doning a plan announced earlier to 
split off its disaster recovery busi- 
ness from its software and pro- 
cessing business. SunGard’s head- 
quarters will remain in Wayne, Pa. 
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Microsoft Plans to 


Share Network .. . 


. .. troubleshooting tool with users and vendors alike. But 

it wants a quid pro quo of a sort. According to Neil 
Leslie, general manager of Microsoft Corp.’s cus- 
tomer service and support group, the company with- 
in six months will release a beta version of Network 


Monitor 3.0, an upgrade of a 
tool that has shipped as part 
of its Systems Management 
Server (SMS) software. What 
will be different in the next 
SMS release, Leslie says, is 
that Netmon won't have a 
“90-day time bomb” that 
turns off the tool unless you 
buy it. In other words, if you 
get SMS, you'll get Netmon 
3.0. Free. Netmon captures 
and stores network packets 
for analysis. It can filter pack- 
ets by protocol type and let 
you find devices on your net- 
work and track their packet- 
broadcasting rates. The 3.0 
release adds a Visual Basic- 
like scripting language so you 
can easily customize it, says 
Leslie. Today, he notes, you 
need C and assembler lan- 
guage skills to do so. 

Now for the quid pro quo. 
Leslie says Microsoft will also 
make available later this year 
D-Code, its database of 
the various service and 
support tools that the 
company uses internally. 
The database not only 
lists what’s what, but it 





also rates the effectiveness of 
what’s what. Leslie says he 
wants other companies to 
rate their troubleshooting 
and analysis tools inside 
D-Code so the info can be 
shared broadly. Microsoft 
giveth, and it asketh. 


Have a Snort 

so you can protect see 

. . . your network in real time. 
That’s Snort, the open-source 
intrusion-detection and 
-protection software. Source- 
fire Inc. in Columbia, Md., 
this quarter will upgrade its 
Snort-based appliances to 
evaluate data packets at rates 
as high as 8Gbit/sec., accord- 
ing to Michele Perry, the 
company’s chief marketing 
officer. The Intrusion Sensor 
appliances will be able to ap- 
ply 2,900 network-access 
rules in real time, Perry says. 
She boasts that the rules can 


Sourcefire’s Intrusion Sensor appliance 





eliminate up to 80% 
of network alarms, 
thereby assuring IT 
managers that the 
alarms that do ring 
are truly trouble. Pric- 
ing for the high-speed 
Intrusion Sensors will 
start at $179,000. 


IT lacks control 


| of network... 


. .. perimeter because, well, it 
doesn’t own that. So claims 
Rita Selvaggi, vice president 
of marketing at Permeo Tech- 
nologies Inc. in Austin. She 
contends that 30% to 40% of 
the devices accessing corpo- 
rate networks aren’t owned 
or managed by internal IT de- 
partments. They’re the home 
PCs of your employees and 
the computers used by your 
supply chain partners and 


| your oushore and offshore 


outsourcers — in short, who 
knows who is using who 
knows what. If Selvaggi’s 
right, you really don’t know, 
which is why, she argues, you 
need to look at Permeo’s new 
Base5 security software that’s 
due to ship by this month. 
Base5 loads a tiny bit of code 
on every Windows machine 
that’s accessing your net- 
work. That code links the de- 
vices to the BaseS server soft- 
ware, which proxies the en- 
tire session and applies your 
access policies. For example, 
if you don’t allow cut-and- 
paste in a given application, it 
will ensure that there’s none 
going on. Later in Q2, Permeo 
will add high-availability fea- 
tures to the server. Pricing 
can be as low as $50 per con- 
current user. 


Low-cost, ASP-style 

system for. . . 

. .. managing sales commis- 

sions is on the horizon. Bob 

Conlin, vice president of 

marketing at Incentive 
Systems Inc. in Burling- 
ton, Mass., acknowl- 
edges that his company’s 
software and rival prod- 
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ucts ain’t cheap. “Our 
average license is 
$850,000,” he says. 
And that’s before you 
get to the spendy con- 
figuration stage, 
which could equal or 
even double the price 
tag. Sales commission 
management is com- 
plex, what with 
ramped rates, split commis- 
sions, drawdown adjustments 
and much more making com- 
mission estimates as much art 
as science — especially for 
those stuck using Excel as 
their primary tool. Conlin, 
whose company does busi- 
ness as Centive, claims that 
the upcoming Compel hosted 
service will be “a 100% solu- 
tion for 80% of the market.” 
Compel offers three dash- 
board views — an executive’s 
perspective, the sales rep’s 
view and one for compensa- 
tion analysts. The service will 
be available at the end of this 
month and will cost $55 per 
user monthly. “That’s less 
than you pay for a rep’s cell 
phone bill,” Conlin says. 


Unify global sourcing 
with new tool. . . 

. .. that understands world com- 
merce. TradeStone Software 
Inc. in Gloucester, Mass., this 
week plans to release Unified 
Buying Engine, which links 
your operations with suppli- 
ers almost anywhere in the 
world, says : 

CEO Sue 
Welch. She 
adds that the 
software han- 
dles logistics 
and financing 
issues and 
“normalizes” 
things such as 
currency rates and shipping 
data from the perspective of 
the end user. That is, a U.S. 
buyer would see costs in dol- 
lars, while a Chinese supplier 
would see them in yuan. 
Pricing starts at $150,000. 

@ 53488 


WELCH 
Simplify global 
are 





Xerox color multifunction systems can take all the things you do 
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Xerox color is a blast. And Xerox color multifunction 
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VeriSign Close to 
New .net Deal 


VeriSign Inc. has moved closer to 
renewing its contract to operate 
the .net domain registry. Telcordia 
Technologies Inc., an evaluator 
hired by the Internet Corporation 
for Assigned Names and Num- 
bers, ranked VeriSign’s bid higher 
than those of four other con- 
tenders for the contract, which 
will run for at least six years. 


AMD Offers a First 
Look at Pacifica 


Advanced Micro Devices Inc. has 
offered the first peek at Pacifica, 
its virtualization technology for use 
on server and desktop processors. 
The Pacifica specs are scheduled 
to be released this month. The 
technology allows multiple oper- 
ating systems and applications to 
run in independent partitions on a 
single processor. Pacifica, due to 
be rolled out next year, was pre- 
sented at the AMD Reviewer's 
Day last week in Austin. 


Symantec Discloses 
Antivirus Tool Flaws 


Symantec Corp. acknowledged 
that flaws in some of its antivirus 
products could allow malicious 
hackers to use denial-of-service 
attacks to crash systems running 
the software. The company has 
posted a notice on its Web page 
describing the vulnerabilities in 
Norton AntiVirus, Norton Internet 
Security and Norton System- 
Works. The company distributed 
patches with its LiveUpdate auto- 
matic update service. 


Siebel Releases New 
CRM OnDemand 


Siebel Systems Inc. has unveiled 
CRM OnDemand Release 7, a 
hosted contact-center system 
that it said can help users create 
customer-related workflows and 
get a better view of multichannel 
interactions. The new version has 
been integrated with other hosted 
applications in Siebel’s Contact 
OnDemand package. 





New products 
manage enterprise 
apps, service levels 


BY HEATHER HAVENSTEIN 
ENDORS ARE Offering 
tools they say will 
help bridge the gap 
between develop- 

ment and IT operations and 


} ease angst about management 


of distributed applications. 
Mercury Interactive Corp. 
next week is set to unveil a 
diagnostic tool that company 
executives said will allow IT 
departments to identify, diag- 
nose and resolve problems 


across J2EE, .Net, ERP and 


CRM applications. 

The Diagnostics 3.0 tool will 
provide application testers and 
IT operations with one tool to 
manage performance as enter- 
prises move applications to 
distributed platforms, said 
Ramin Sayer, director of prod- 
uct marketing at Mountain 
View, Calif.-based Mercury. 

“Overall, what bridges these 
two groups ... is the need to 
manage end-to-end service 


NEW PRODUCTS 


Tools for Harnessing 

Distributed Apps 

Mercury's Diagnostics 3.0 

is designed to identify, diagnose 

and resolve problems across 

J2EE, .Net, ERP and CRM appli- 

cations. Gives application testers 

and IT operations a single tool 

for performance management. 


Interwoven Content Pro- 
visioning includes hub server 
software for application code 
and configurations, file and 
database content. Interwoven's 
OpenDeploy server makes it 
easy to aggregate and distribute 
code and content to Web, file, 
database or application servers, 
or network-edge devices. 
Compuware's Strobe 3.2 and 
iStrobe 2.1 are designed to 
help users manage performance 
of distributed applications that 
access DB2 on mainframes to 
prevent performance degrada- 
tion as the amount of data in 
DB2 increases. 





performance ... and to be able 
to proactively detect and re- 
solve problems,” he said. 
SmartMoney.com uses the 
Mercury Managed Services 
hosted system for monitoring 


‘Tools Bridge II; Operations 


mance management technol- 
ogy. Executives said it will 


| help companies manage the 
| performance of distributed ap- 


the performance of its external | 


leb sites and for the applica- 
tion service provider-based 
portfolio management and 
investment tools it provides 
to clients. The diagnostic 
tools, which will include Mer- 
cury’s new offering, allow 
SmartMoney to troubleshoot 
application issues before they 
become problems to end users, 
said Al Castrillon, manager 
of technical operations at 
the New York-based firm. 
“You don’t want to restrict 
your development team to a 
specific platform because of 
your monitoring technology,” 
he said. 

Dana Gardner, an analyst at 
The Yankee Group in Boston, 
said that before the unified 
Mercury tool, enterprises were 
forced to choose among tools 
for monitoring application 
performance based on plat- 
form and type of application. 

To help organizations man- 
age code and content changes 
in distributed environments, 
Interwoven Inc. in Sunnyvale, 
Calif., this week will roll out its 
Interwoven Content Provision- 
ing suite. The suite is designed 
to let enterprises standardize 
how code and content changes 
are aggregated, synchronized 
and deployed in complex Web 
application environments. 

Blue Cross and Blue Shield 
of Massachusetts Inc. is 
rolling out all the products in 
Interwoven’s new suite to an- 
chor the organization’s enter- 
prise strategy to move code 
and content across applica- 
tions, said Frank Enfanto, vice 
president of operations deliv- 
ery and information security 
at Blue Cross. “It allows you to 
move content along through 
different environments from 
development to staging to pro- 
duction in an organized and 
proper workflow,” he said. 

Compuware Corp. late last 
month announced new ver- 
sions of its application perfor- 


plications that access IBM’s 
DB2 on mainframes. 
Compuware Strobe 3.2 pin- 
points which SQL statements 
are using the most available 
CPU space or have delayed re- 


www.computerworld.com 


sponse turned on, allowing 
users to identify where prob- 
lems are occurring. And 
iStrobe 2.1 lets users measure 
the performance of applica- 
tions, the Detroit-based com- 


pany said. @ 53517 


MORE ONLINE 
IBM adds a version of WebSphere for 
2/OS-based mainframes 
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Alcatel Switches Offer 
Software Key for Upgrades 


OmniSwitch 6800L 
Alcatel SA 


= PRODUCT SUMMARY: Alca- 
tel today plans to introduce two 
versions of a corporate-class 
switch that can be upgraded from 
10/100 Ethernet transmission 
rates to Gigabit Ethernet via soft- 
ware that's built in but not turned 
on. The Paris-based company 
said the stackable OmniSwitch 
6800L switches support 24 or 48 
ports and are suitable for small 
data centers or wiring closets at 
the edges of corporate networks, 
plus in installations where Gigabit 
Ethernet speeds to the desktop 
are desirable. Users can also buy 
a software key to upgrade to Gi- 
gabit Ethernet without needing 
additional hardware. 


USER EXPERIENCE: Salem 
State University in Salem, Mass., 
plans to buy several 6800L 
switches for use in wiring closets 
in four buildings, said Brian Hel- 
man, the school's director of net- 
working. Helman said that be- 
cause he isn't sure when he will 
need to turn on the Gigabit Ether- 
net capability, the software up- 
grade being offered by Alcatel is a 
welcome feature. “The software 
key is good future-proofing,” he 
said. Salem State started using 
Alcatel equipment in late 2003 af- 
ter 3Com Corp. stopped making 
the switches that the school had 
been using, Heiman said. About 
two months ago, he bought a 
standard OmniSwitch 6800, 
which was introduced in Decem- 
ber and supports Gigabit Ethernet 


Alcatel’s OmniSwitch 6800L 


tates with 10 Gigabit Ethernet up- 
links. Helman is using the device 
to run tape backups for a data 
center, and he said it's performing 
superbly. Helman acknowledged 
that Alcatel doesn’t have a big 
presence in the U.S. “They are un- 
known, which is a little bit of a 
risk, but choosing them has 
proven to be correct,” he said. 
“They're much more responsive 
than other vendors.” 


™ ANALYST ASSESSMENT: 
Zeus Kerravala, an analyst at The 
Yankee Group in Boston, said the 
6800L's software upgrade capa- 
bility is a “truly unique” feature. 

“It offers flexibility for people not 
sure when to upgrade to 1 Giga- 
bit,” he said. The 6800L also is 
less expensive than the similar- 
size Catalyst 3750 switch from 
Cisco Systems Inc., according to 
both Alcatel and Kerravala. But 
Kerravala questioned how well the 
products will be received by U.S.- 
based users. “Alcatel’s problem is 
they have no brand recognition in 
the U.S.,” he said. “They're mainly 
known as a French company that 
makes carrier-class equipment.” 


®@ OTHER VENDORS IN THIS 
MARKET: Cisco, Extreme Net- 
works Inc. and Foundry Networks 
Inc., among others. 


™ PRICE: Starts at $3,295 for 
the 24-port switch and $4,795 for 
the 48-port model. The software 
key for upgrading to Gigabit Eth- 
ernet starts at $2,395. 


@ AVAILABLE: Now € 53532 
- Matt Hamblen 
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Tough Privacy Law 
Debuts in Japan 


TOKYO 
ANY COMPANIES throughout 
Ni Japan, including foreign ones, 
will have to comply with a 
stringent new data privacy law that 
went into effect April 1. 

The Personal Information Protec- 
tion Law applies to any company that 
has offices in Japan and holds personal 
data on 5,000 or more individuals, in- 
cluding employees, according to 
Kazuhito Masui, an attorney at Shiba 
International Law Offices in Tokyo. 
Under the law, personal data includes 
a person’s name, address, date of birth, 
sex, and home and mobile phone num- 
bers. E-mail addresses are 
also covered if they’re 
recognizable as 
a person’s name. 

Masui said the law re- 
quires companies to des- 
ignate a corporate privacy 
officer, take security mea- 
sures to prevent data 
from being leaked or 
stolen, and obtain con- 
sent from individuals be- 
fore using personal infor- 
mation for any purpose 
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other than the ones originally stated 
when the data was collected. 

The law also sets possible fines of 
up to 300,000 yen ($2,804 U.S.) and jail 
sentences of up to six months for data 
managers who don’t comply, Masui 
said. 
mw PAUL KALLENDER, IDG NEWS SERVICE 


Software AG, Rive 
Offer XBRL Software 


DUSSELDORF, GERMANY 

OFTWARE AG, in Darmstadt, Ger- 
S == and Rivet Software Inc., in 

Englewood, Colo., last week an- 
nounced a partnership to provide soft- 
ware for recording and transmitting fi- 
nancial information based on the Ex- 
tensible Business Report- 
ing Language (XBRL) 
standard. 

Users of Software AG’s 
Digital Reporting Plat- 
form will be able to use 
Rivet’s Dragon Tag soft- 
ware to convert financial 
information in Microsoft 
Word and Excel formats 
into XBRL documents, 
the vendors said 

XBRL uses XML data 
tags so that financial data 


can be electronically extracted and ex- 
changed for efficient financial report- | 
ing. Tax authorities in Belgium, the 

| Netherlands and the U.K. plan to start 
| requiring that financial documents be 
| filed in XBRL within the next two 
years. The U.S. Securities and Ex- 

| change Commission will begin accept- 
| ing voluntary filing of XBRL docu- 
ments this month. 

mw JOHN BLAU, IDG NEWS SERVICE 


RFID Doesn't Deliver 
What FedEx Needs 


SYDNEY, AUSTRALIA 

ADIO FREQUENCY identification 
Reo technology is a long way 

from meeting the demanding 
standards of FedEx Corp., one of the 
courier’s IT executives said at the 
Wireless Enterprise World conference 
here last month. 

Linda Brigance, CIO at FedEx Asia 
Pacific, a regional unit based in Hong 
Kong, said the company’s tests of RFID 
devices show scanning failure rates as 
high as 25%. “We get 99.9% accuracy in 
the scanning of bar codes, so anything 
less than that is really a step back in 
our business — it’s not something we 
want to do,” she said. “We want to wait 
| and see when RFID gets the same ac- 
curacy rate.” @ 53477 
w JULIAN BAJKOWSKI, 

COMPUTERWORLD TODAY (AUSTRALIA) 
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Briefly Noted 


Toshiba Corp. has developed 
prototype batteries that can be 
recharged about 60 times faster 
than conventional lithium-ion bat- 
teries. The technology could be 
available for notebook PCs and 
handheld devices in about three 
years, executives said last week. 
m PAUL KALLENDER, 

IDG NEWS SERVICE 


Computer Sciences Corp. in El 
Segundo, Calif., last month signed a 
five-year, $17.6 million IT contract 
with Shanghai-based China Pacific 
Property Insurance Co. The insurer, 
which has about 26,000 employees 
and 1,700 offices, will install CSC’s 
FutureFirst insurance administra- 


Ness Technologies Inc., a global 
IT outsourcing company in Hacken- 
sack, N.J., last week announced 
that it will acquire Radix Co., an 

IT services firm with offices in 
Bucharest and lasi, Romania, for 
3 million euros ($5.2 million U.S.). 
Radix, whose clients include major 
enterprises such as Romania’s na- 
tional electric utility and national 
railway, will become a subsidiary. 





U.K. Gov't Withholds $25M From EDS | 


not comment further. 


contractual issues, she could 


transformation program, and 
the system is now providing 


BY LAURA ROHDE 

Electronic Data Systems Corp. 
is continuing to experience 
problems with a welfare case 
management and telephony 
system it developed for the 
U.K. government. As a result, 
the Plano, Texas-based com- 
pany is having a hard time get- 
ting paid for its work on the 
project, which is now expect- 
ed to cost $860.9 million. 

As it continues to work with 
EDS to get the system for the 
Child Support Agency (CSA) 
fully operational, the Depart- 
ment of Work and Pensions 
(DWP) has withheld $25 mil- 
lion in payments to EDS over 
the past two years, according 
to the minister in charge of 
the department. 

Though there has been 
some progress in developing 


new computer and telephony 
systems, some significant 
problems remain that “contin- 
ue to slow progress on busi- 
ness recovery,” Alan Johnson, 
secretary of state for the de- 
| partment, said in the latest 
House of Commons Parlia- 
mentary Select Committee 
progress report. The commit- 
tee is charged with oversight 
of the department. 

“The department continues 
to retain substantial payments 
from EDS,” Johnson said. 
“{Annual payments are] deter- 
mined by the contract and 
linked to service levels and 
to the degree of functionality 
delivered.” Based on those 
criteria, the agency withheld 
$25.1 million in payments due 
to EDS, he said. 

EDS is disputing the with- 








holding of funds, the company 
said in a statement. A spokes- 
woman for EDS declined to 
clarify whether EDS was out 
of pocket for the payment or if 
it could recoup the money at a 
later date. 


Implementation Hurdles 
The computer system for the 
CSA, which has been delaying 
payments to tens of thousands 
of single parents, was launched 
in March 2003, two years be- 
hind schedule and $483.2 mil- 
lion over budget. It involves a 
Java-based application devel- 
oped by EDS. The latest pro- 
jected 10-year, $860.9 million 
price tag is up from the $806.5 
million price projected last 
summer [QuickLink 49221]. 

A DWP spokeswoman said 
that because of the ongoing 





In July, the Select Commit- 
tee issued a scathing report 
that characterized the EDS 
system as an “appalling waste 
of public money” and called 
for the entire system to be 
dumped if it was not fully 
operational by Dec. 1, 2004. 

In November, Johnson said 
he was considering the “nucle- 
ar option” of pulling the plug 
on the system. But in Jast 
month’s assessment, Johnson 
appeared to back away from 
shutting down the system. 

“An Agency Business Trans- 
formation Program is being 
developed, which will contain 
short-term tactical initiatives 
and also places significant em- 
phasis on ensuring medium- 
to long-term sustained recov- 
ery,” he said. 

EDS and the DWP are work- 
ing closely on the business 





service to over 620,000 cases, 
the committee said in its re- 
port. The committee was told 
in November that only 61,000 
out of 478,000 single parents 
had received payments from 
the system and that a total 
of $1.4 billion in support pay- 
ments remained uncollected 
[QuickLink 50982]. 

What was not provided was 
a date for when the system is 
expected to be satisfactorily 
functional. “The absence of a 
confirmed date for acceptable 
performance by the CSA, 
while understandable, is a 
major shortcoming in the gov- 
ernment’s response,” said Sir 
Archy Kirkwood, chairman of 
the Work and Pensions Select 
Committee. @ 53508 


Rohde writes for the IDG 
News Service. 
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Tyler Best, CIO at Van- 
guard Car Rental USA Inc., a 
Tulsa, Okla.-based company 
that owns the National and 
Alamo car rental brands, 
urged Hurd to fully engage 
users and find out what 
they’re expecting from HP. 
Over the past few years, the 
vendor’s concentration has all 
too often been focused in- 
ward, Best said. 

“It’s imperative not to lose 
touch with what’s important 
to the customer,” he said. 

During his press confer- 
ence and an earlier confer- 
ence call with financial ana- 
lysts, Hurd said little about 
how he may shape HP’s strat- 
egy. He vowed to keep “a re- 
lentless focus” on meeting the 
needs of users. But he will 
also be focused on results, he 
added, saying that his man- 
agement philosophy “reflects 
a fundamental belief in cost 
discipline and focused invest- 
ment” in initiatives that have 
strong growth potential. 


Users Uncertain 
Denys Beauchemin, a director 
of the 100,000-member Interex 
HP user group, said he is wor- 
ried that in order to cut costs, 
the new CEO will shorten the 
end-of-life road maps on prod- 
ucts such as the HP e3000 
midrange line and the compa- 
ny’s Alpha-based systems. 
Beauchemin, who is a sys- 
tems migration consultant at 
Austin-based IT services firm 
Sector7 USA Inc., added that 
he thinks HP has strayed from 
the deep engineering roots es- 
tablished by its founders. 
Hurd, who had spent the 
past 25 years at NCR and had 
been its CEO since March 
2003, is relatively unknown to 
HP users. Most of the cus- 
tomers interviewed last week 
said they didn’t know enough 
about Hurd to have an opinion 
about his ability to lead HP. 
That corresponded with the 
results of an informal poll on 
Computerworld’s Web site, in 
which 64% of the 235 people 
who had responded as of Fri- 
day afternoon said it was too 
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: + JANUARY: NCR discloses that it lost $220M 
: in 2002s annual revenue fell by 6%. 
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NEWS 


++ MARCH: Hurd is promoted from presi- 
dent and chief operating officer to CEO. 


+e JULY: NCR says it returned to 
profitability in the second quarter. 


NCR STOCK PRICE: $9.88 


soon to tell whether Hurd’s 
hiring was a good move. 
Members of HP’s board cited 
the need for a more hands-on 
executive when Fiorina was 
ousted in February. They were 
drawn to Hurd by the fact that 
NCR’s financial results and 
stock price improved signifi- 
cantly after he began running 
that company (see timeline). 
Frank Gillett, an analyst at 


| Forrester Research Inc., said 


Hurd “has demonstrated a lot 
of operational skills — the 





$19.60 


ability to make tough deci- 
sions and cut costs.” 

“If you look at the track 
record, he took a company 
that was floundering and took 
it to where it’s a very healthy 
company,” said Sam Bhavnani, 
a La Jolla, Calif.-based analyst 
at Current Analysis Inc. 

But to succeed at HP, Hurd 
will have to keep users such as 
Ashok Bakhshi satisfied. The 
IT director at Schindler Eleva- 
tor Corp. in Morristown, NJ., 
said HP needs to differentiate 
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NCR STOCK PRICE: $39.45 
$19.79 
itself by bundling more ser- 
vices with its hardware. 
He also said that the com- 
pany should add more value 


| to its products. For example, 


Bakhshi said he would find it 
helpful if HP preconfigured its 
PCs with applications such as 
SAP AG’s ERP client. 

Hurd will also have to ad- 
dress the concerns of users 
like Ron Horner, an e3000 
user and legacy systems su- 
pervisor at Lady Remington 
Jewelry in Bensenville, Ill. 


Hurd’s Paper Trail Puts Premium on Knowing Customers 


IN A SENSE, Hewlett-Packard’s 
new CEO, Mark Hurd, is an open 
book. He co-authored one last 
year outlining his belief that un- 
derstanding customers is critical 
in a time when “virtually every 
industry is commoditizing.” 

In The Value Factor: How 
Global Leaders Use Information 
for Growth and Competitive 
Advantage (Bloomberg Press, 
2004), Hurd and NCR Chairman 
Lars Nyberg said the key differ- 
entiator for companies in the cur- 
rent market environment is infor- 
mation: knowing customers’ 
wants and needs. 

“We don't go to the corner 
diner for the best food. We go 
because they know us and we 
don't even have to look at the 
menu,” wrote Hurd and Nyberg, 
who was NCR's CEO before Hurd 


was given that job. “The value of 
knowing our customers rolls up 
from the corner diner to the 
largest corporations.” 

Hurd appeared to practice 
what he preached at NCR, said 
Tom Jung, a member of the board 
of the Midwest regional user 
group for NCR's Teradata data 
warehousing technology. 

Jung, who is an adviser to the 
IT database administration group 
at WellPoint Inc. in Thousand 
Oaks, Calif., said he felt that NCR 
Officials paid sufficient attention 
to customers and user groups 
under Hurd's leadership. Dayton, 
Ohio-based NCR often sent top 
Officials to his regional user 
group's meetings, Jung noted. 

In their book, Hurd and Nyberg 
also wrote about the need to in- 
novate. But former NCR employ- 


ee Robert A. Nisbet, a scientist 
who led some data mining re- 
search efforts at the Teradata di- 
vision when Hurd was heading it, 
said Hurd isn’t one to continue 
supporting technology that re- 
quires long-term development. 
“If he doesn’t see immediate and 
significant feedback in terms of 
revenue after a couple of years, 
he’s likely to pull the plug,” said 
Nisbet, who left NCR in 2000 
and is now a private consultant. 

During his press conference 
at HP’s headquarters last week, 
Hurd deflected questions about 
his plans for HP and didn’t say 
whether he would reduce its 
workforce, which now stands at 
about 150,000, or move U.S.- 
based jobs offshore. But Hurd 
was hired to make changes. 

“| believe in an execution- 


| 
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Horner said Fiorina did a lot 
to alienate the e3000 installed 
base by stopping sales of the 
systems in 2003 and holding 
off on responding to a propos- 
al to turn over the source code 


| for the e3000’s MPE operating 


system to a third party. “HP 
has got to formally decide 
what they are ultimately going 
to do with MPE,” Horner said. 
But while some customers 
are unhappy with the changes 
at HP in recent years, others 
aren’t. Tom Freeman, CIO for 
the city of Roseville, Calif., 
said he thinks HP’s acquisition 
of Compaq Computer Corp. in 
2002 changed its culture to a 
more customer-centric one. 
“We saw a big change in 
HP that, to me, was positive,” 
Freeman said, adding that he 
hopes Hurd will keep a close 
focus on customers and con- 
tinue to invest in new prod- 
ucts such as HP’s digital pen 
technology. @ 53530 
Tom Krazit of the IDG News 
Service contributed to this story. 


OUR TAKE 
writes that HP was wise to 


avoid another celebrity CEO - and that 
Hurd would be wise to buy Novell. Page 18 


says Hurd needs to do some 


|_ listening before taking action to clean up 


the “mess” he’s inheriting. Page 50 


oriented culture,” Hurd said. “I 
believe in setting clear goals, im- 
plementing tactical plans and 
holding people accountable.” 

And he acknowledged that HP 
needs some repairs. Although 
HP is “fundamentally sound” and 
a leader in many technology and 
services categories, Hurd said, “it 
is also clear that the company is 
not performing to its potential.” 

Zeus Kerravala, an analyst at 
The Yankee Group in Boston, 
called Hurd an unexpected 
choice to head HP. 

“NCR is a small company, but 
I've heard that he's really good at 
sales and marketing, and that's 
what HP needs,” Kerravala said. 
“HP touches so much of the en- 
terprise that they need to have a 
unique brand identity. That's his 
biggest challenge.” 

- Patrick Thibodeau 
and Matt Hamblen 
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OPINION 


DON TENNANT 


After the Afterglow 


’VE BEEN RACKING MY BRAIN trying to re- 

member if I’ve ever met Mark Hurd, the for- 

mer CEO of NCR who last week was named 

the new CEO of Hewlett-Packard. I believe 

I must have, because I spent some time at 
NCR’s headquarters in Dayton, Ohio, back in 1996 to 
interview then-CEO Lars Nyberg and some other 
NCR hotshots. Hurd, a 25-year NCR veteran, was 


already a rising star, so 
chances are I interviewed 
him or at least bumped 
into him. But darned if I 
can remember. 

I know I wasn’t the only 
one scratching my head 
last week. No doubt there 
were as many variations 
of the “never heard of 
Hurd” quip in your office 
as there were in ours. And 
if you Googled “Mark 
Hurd” for some help, you 
had to sift through references to guys 
like the “college student, mountain 
biker and all-around geek living in 
Dallas, Texas” in order to find any- 
thing on HP’s new CEO. He doesn’t 
stand out in a crowd. 

And that in itself is testimony to 
the wisdom of HP’s board. It didn’t 
cave in to expectations that HP would 
seek a celebrity CEO who wouldn’t 
disappear in the afterglow of Carly 
Fiorina. Hurd’s appointment demon- 
strates that the board learned its les- 
son from going the celebrity route. 

Hurd may not have made it onto a 
lot of magazine covers, but he has 
proved that he knows how to turn a 
faltering company around. Consider 
this: In 2002, NCR reported a net 
loss of $220 million; in 2003, Hurd 
took the CEO reins from Nyberg; 
and in 2004, NCR reported a net 
profit of $290 million. 

Hurd also has three years as head 
of NCR’s Teradata data warehousing 
division under his belt and is widely 
credited with its current success: In 
January, Teradata reported fourth- 
quarter revenue of $420 million, up 
14% from the same quarter a year ear- 





lier. Those are the sorts 
of numbers that capture 
the attention of compa- 
nies that are on the prowl 
for a CEO. And I have a 
hunch that the fact that 
Hurd had Teradata on his 
résumé wasn’t lost on 
HP’s prowling board. 

HP needed a CEO who 
knows the software busi- 
ness. When Fiorina got 
the boot, I argued that 
her successor would 

need to mold the company more in 
the image of IBM, with a strong con- 
sulting business. A stronger software 
business is a prerequisite for that 
and will be vital to HP’s health. So 
Hurd clearly has a mandate: Give HP 
a software future. 

It’s difficult to imagine that future 
without a much more compelling 





Linux vision than what HP has now. 


| And if I were Hurd, I’d focus that vi- 


sion squarely on Novell. 
Novell’s decision two years ago 
to adopt Linux as its NetWare migra- 


| tion path was the single most bril- 
liant move by any technology vendor | 


in the past five years. Almost over- 
night, that move, encompassing as 
it did the acquisitions of SUSE and 
Ximian, rescued Novell from a pe- 
ripheral existence dependent on the 
stubbornness of an aging band of 
NetWare die-hards. It transformed 
the company into one of the most 
formidable bastions of Linux tech- 
nology on the planet. 

But nothing is forever, and with 
the recent exits of Vice Chairman 
Chris Stone and CTO Alan Nugent, 
Novell lacks the leadership it needs 
to fend off suitors. HP needs to grab 
Novell soon, because if it doesn’t, 
IBM just might. 

Don’t forget that Fiorina lost the 
consulting unit of Pricewaterhouse- 
Coopers to IBM in 2002. Losing 
Novell to IBM is the last thing HP 
needs you to read about when you 
Google “Mark Hurd.” @ 53483 
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BRUCE 


The Changes 
‘To Come in 
Five Years 


PON HER appoint- 

ment in 2010 as CIO 

and chief operating 
officer, an IT manager looks 
back on the past five years in 
the field: 


It’s hard to believe how much has 
changed in IT since 2005. Why, I can 
hardly recognize the place! 

It’s hard to put my finger on exactly 
what drove all the change. Was it the 
tightening labor market for legacy 
skills that finally forced us to act? Was 
it the turmoil of vendor after vendor 
merging, changing forever our product 
mix? Was it our management tools? 

Those are all a part of the story, but 
in the end, I'd have to borrow a phrase 
from Sherlock Holmes and say that 
what really drove the 
change was the dog 
that didn’t bark. 

Since 2005, there 
really hasn’t been 
that much change 

in the technology 
world. Rather, what’s 
changed is how IT 
decisions are made. 

That wave of re- 
tirements, for in- 
stance, and the sub- 
sequent dearth of 
legacy skills finally 
forced the issue of 
application reinvest- 
ment. It was a tough 
fight convincing the 
business side that the shelf life of soft- 
ware isn’t infinite. But as we showed 
how our portfolio was absorbing more 
costs with no more return — and as 
those emergency contractor calls to 
keep things moving started to add up 
— the point was driven home. 

The vendor consolidation helped 
too. How many times in the past five 
years have we had to deal with prod- 
ucts we liked being taken over by com- 
panies we didn’t? We got burned a few 
times as well when vendors promised 
to keep our products going and then 
just abandoned development. It got us 
thinking about how to protect our- 
selves, and that finally opened the 
door for an architected future built 
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around Web services. Now, when one 
of our vendors is taken out of the 
game, it’s easier to shift suppliers. 

And some of those liability suits 
brought against the software suppliers 
helped make what we buy work better 
too. Fortunately, we decided to learn 
how to do sourcing better rather than 
just file lawsuits — and that’s opened 
the door to much more flexibility in 
our infrastructure. 

Now that we're more services- 
driven, we couldn’t keep our old func- 
tional application teams. They just 
didn’t make sense for us anymore. So 
we have some centers of excellence to 
consolidate key skills, some services 
teams and some enterprise offices (the 
program office is really helping to deal 
with business change, and the business 
architecture office is a key part of re- 
designing the company as a whole). 
Our relationship managers are manag- 
ing investment flows and future cost 
structures for whole business process- 
es now. 

I never thought I'd have legal staff, 
consultants and so many external man- 
agement advisers on my team, but we 
need all of them, especially to manage 
the mix of services we buy and the ser- 
vices we're providing both to the com- 
pany and to our supply chain partners. 

I was approached recently to change 
jobs. But not even a million-dollar 
salary could get me to go back and run 
an old-style IT organization now. Here, 
I really feel as though I’m running a 
business — and my clients think so 
too. It was a tough road, but here in 
2010 I think we finally can deliver on 
the promise of IT. @ 53363 


MICHAEL H. HUGOS 
The ‘Define, 
Design, Build’ 
Approach 


NE OF THE MOST im- | 


portant and complex 

things an IT profes- 
sional is called on to do is im- 
plement new systems. This 


runs the gamut from rolling 
out packaged applications to creating 
custom sysiems. To get some insight, 
let me draw an analogy between this 
and another activity I have been 
deeply involved in lately. 

My wife and I are doing a major re- 
modeling job on our house. You can 


call us the “executive spon- 
sors” of this project. It’s 
complicated, so we hired an 
architect. We also hired 
contractors to do the con- 
struction and the electrical 
and plumbing work. We 
know generally what we'd 
like, but the architect is key 
to making it a reality. His 
approach is to clearly de- 
fine what we want, design 
possible solutions and then 
supervise building what we 
choose. He doesn’t tell us 
what to do, but he has a way 
of influencing our deci- 
sions. Whenever we jump 
to conclusions, we make de- 
cisions that cause problems 
and add to the cost later on. 
Implementing a new sys- 
tem is a lot like building or remodeling 
a house. As the IT guy, I play the role 
of the architect, and business man- 
agers are the homeowners. I encourage 
them to use a simple approach, and 
when we do, we are successful. When 
we don’t, I usually get blamed for 
things going wrong. 
In any systems project, there are 
technology issues (over which I have a 
lot of control) and a host of other is- 


sues that fall into the cate- 
gories of people (meaning 
politics) and process 
(meaning getting people 
to do things in new ways). 
I have no control there. All 
I can do is exert construc- 
tive influence. 

Much like my architect, I 
use a basic three-step ap- 
proach that works for any 
system implementation 
project. In the first step, 
called “define,” I deal with 
the people and political is- 
sues. I get the executive 
sponsors to state clearly 
what they want and what 
the performance require- 
ments are that the system 
must meet. Then we agree 
on a conceptual or high- 

level design for a system that meets 


| these requirements. I estimate what it 


will cost, and if the sponsors decide 


that the benefits of the system still out- | 


weigh the costs, then the project 
moves on to the next step. 

That’s “design,” when the process is- 
sues are worked out. Business people 
who will use the system work with 
technical people who will build it. We 
figure out new workflows and ways to 





use the technology to meet perfor- 


| mance requirements. If business and 

| technical people are still talking to one 
| another and smiling at the end of this 

| step, it means we have produced a 

| good (or good enough) design that will 
| get the job done. 


“Build” is the biggest and most ex- 
pensive step but actually the least 


| risky. If the first two steps were done 


well, I have the most control here. 


| Problems will arise, but they will be 


technical, not political or procedural. 
Technical problems have technical an- 
swers. They are easy compared with 
political and procedural problems. 
The main reason why people hesi- 
tate to follow this approach is that they 
think it will become too time-consum- 
ing or bureaucratic. I respond by 
showing them how each step gets work 
done quickly by using appropriate 
combinations of a small set of tech- 
niques. I'll talk about those techniques 
next month. And I'll let you know how 
my house remodeling is coming. If I 
follow my own advice, it should be 


doing well. @ 53370 
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Microsoft Keeps Using FUD Against Linux 


HE ARTICLE “Microsoft Tries 

New Pitch to Curb Linux Use” 
[QuickLink 52567] states that Mi- 
crosoft is attempting to sway users 


| the threat toward national and local 


government entities. The next 


week, Beijing announced that the 
| city government wouldn't renew its 


away from Linux by spotlighting the | 
| to Linux. Microsoft needs more of 

| the same. Better yet, switch to Ap- 
| ple. Better hardware, better operat- 


need for strong intellectual-proper- 
ty protection. FUD, FUD and more 
FUD; it is what Microsoft does best. 

The first thing that IT managers 
and CEOs have to ask is, Where 
does the threat lie? From SCO? On 
the surface, yes. But anyone has to 
seriously doubt that there is any 
substance to SCO's case against 
IBM at all. Although Computerworld 
and other publications character- 
ized the ruling not to grant summary 
judgment as a win for SCO, in fact 
IBM won 90% of the motion for 
summary judgment. If it were not 
for the judge's forbearance, the 
case would be over, and he said 
as much. 

So, what is really going on here? 
A veiled threat from Microsoft, im- 
properly wielding its market domi- 
nance once again. Steve Ballmer 
tried this recently in Asia, directing 


Microsoft license and would switch 


ing system, better use of open- 


| source and no threat of litigation 
| from SCO or Microsoft. 
| Daniel Reiss 


President and CEO, 
Automated Terminal 
Systems Inc., Washington, 


| atysusua@earthlink.net 


' Dude, You Got H-1B 


Practices Wrong 


N PAT THIBODEAU’S interview 
with N. Sivakumar, the author of 
Dude, Did | Steal Your Job? (Quick- 
Link 52816), Sivakumar is quoted 
as saying, “An H-1B worker should 
not replace an American worker. | 
totally agree with that. That's ethi- 


| it wrong. 


| ers shouldn't replace American 


| or that would prevent companies 
| from displacing American workers. 
| Companies that replaced Ameri- 


| mon misconception that American 
| workers are somehow protected 


| Nate Viall 





Cally wrong, lawfully wrong - it's 
wrong from any angle. If anyone 
is doing that, they should be pun- 
ished.” To which | offer this light- 
hearted correction: Dude, you got 


Many of us would strongly agree 
with his argument that H-1B work- 


workers. However, there are no pro- 
visions in the H-1B sections of im- 
migration regulations that require 
companies to first hire Americans 


cans did so in full compliance with 
the law. Unfortunately, it is a com- 


from this practice. 


President, NVAA, Des Moines 


| Try for Real Variety 


| 
T'S AMAZING how the panel of | 
experts gathered for Computer- Gy ane 

world’s report on the future of IT 

[“The View(s) Ahead,” Quicklink | 


52738], defined as “a diverse 
group,” didn't inciude a single per- 
son of Asian, Middle Eastern or 
African descent, nor did it include 
a woman. 

When bringing together a group 
of “academics, researchers, ana- 
lysts and ClOs,” Computerworld 
may find it interesting to expand its 
horizons beyond males of European 
descent. And its readers may ap- 
preciate the intellectual variety. 

SC Karmanoff 
Principal, KEMS, 
Royal Oak, Mich. 


| COMPUTERWORLD welcomes 


comments from its readers. Letters 


| will be edited for brevity and clarity. 
| They should be addressed to 

| Jamie Eckle, letters editor, Com- 

| puterworld, PO Box 9171, 1 Speen 

| Street, Framingham, Mass. 01701 


Fax: (508) 879-4843. E-mail: 
letters@computerworld.com. 
Include an address and phone 
number for immediate verification 


For more letters on these and 
other topics, go to 
www.computerworld.com/letters 





es, Seepage Mester 


DB2. ONLY THE PERFORMANCE IS HIGH. 


DB2 has done it again. According to a Market Magic Study, _It takes full advantage of your existing heterogeneous 

DB2 costs “on average 22% less than Oracle.” and open environments, while its leading-edge 
autonomic computing technology means increased 

The Transaction Processing Performance Council results reliability, increased programmer productivity and 

show that DB2 and eServer™ p5-595 are more than twice decreased deployment and management costs 

as scalable as Oracle Real Application Clusters, making 

them the overwhelming performance and scalability One more thing: Oracle desupported Oracle Database 8i 

leader for TPC-C? And an ITG study showed overall cosis r, meaning potential headaches, higher cost or 

for Oracle Database up to four times higher than DB2 a complete migration to current versions of Oracle. 
Fortunately, IBM offers ongoing, around-the-clock service 

No wonder DB2 is regarded as the leading database built ind support for DB2 

on ux, UNIX* and Windows* Like 

other IBM database engine products such as Informix Why not move up to middleware that makes sense? Now you 

ind Cloudscape’’ DB2 is part of an innovative family of can get IBM DB2 Universal Database or Informix by taking 

nformation management products that integrates and advantage of our extremely compelling trade-up program. 

n actually add insight to your data Visit ibm.com/db2/swap today to find out if you qualify. 
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QUICKSTUDY 


Biometric Authentication 
A look at the technologies that 
can be used to verify a user’s 
identity by means of a physical 
trait or behavioral characteristic 
that can’t easily be changed, 
such as a fingerprint. Page 26 


SECURITY MANAGER’S JOURNAL 


Downtime Becomes 
Documentation Time 

Mathias Thurman takes advantage 
of a lull in the usually hectic pace 
to catch up on some important 
stuff — documenting the things 
that were done earlier. Page 26 
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HEN JIM TARALA 
oversaw the re- 
building of his 


Channel SAN in favor of IP- 


OPINION 


Joining the Federation 
Mark Willoughby says 
federation may a trendy 
linguistic reinvention, but 
its ramifications for identity 
and networks are still 
important to IT. Page 30 


firm’s network and IT 
infrastructure last year, he never 
dreamed he'd throw out his Fibre 
based 
networked storage. The savings, how- 
ever, were just too large to ignore. 

Tarala, CIO and chief technology 

officer at Schenck Business Solutions, 
a 500-partner accounting firm in Mil- 


04.04.05 


As the technology has matured, 
IP-based storage arrays have 
established a beachhead as the 
preferred low-end SAN option. 


More than two years af- 
ter the iSCSI protocol was 
ratified as an Internet Engi- 

neering Task Force standard, early 
adopters say IP SANs are not only 
ready for production deployments 
but also offer an alternative to Fibre 
Channel for low-end and midrange 
storage. Performance and reliability 
of iSCSI arrays have improved, and 
iSCSI SANs are significantly less ex- 
pensive to set up and manage than 


Fibre Channel SANs, users say. 

The high costs of traditional SANs 
have restricted the technology to 
mostly first- and second-tier data 
center applications. Now storage ad- 
ministrators are setting their sights 
on iSCSI as an alternative for some 
second-tier applications. 


A Second Wave 


And a second wave of storage consol- 
idations is already under way: Admin- 
istrators are replacing direct-attached 
storage used in departmental servers 
with local, iSCSI SANs. Robert Gray, 
an analyst at IDC, says the strongest 
growth is coming from large compa- 
nies, which have huge numbers of de- 
partmental servers that can benefit 


waukee, was comfortable with his 
EMC Clariion storage system, but it 
was running out of space. Tarala also 
wanted to eliminate direct-attached 
storage on his mySQL and Microsoft 
Exchange Server systems in favor of 
networked storage. He decided to re- 
place the entire system but initially 
dismissed the idea of using IP stor- 
age-atea networks (SAN) — systems 
that use the iSCSI protocol to allow 
servers to access stored data over an 
IP network — rather than direct- 
attached or Fibre Channel arrays. “I 
wasn’t comfortable with the overall 
architecture,” Tarala says. 

Then he discovered that replacing 
the aging FC700 with a 1.5TB system 
would cost more than $90,000, while 
a 2.5TB iSCSI-based PS Series system 


VASION 


Hobo! 


ARRAYS 


servers. 


from EqualLogic Inc. in Nashua, 

N.H., would cost just $47,000. 
Schenck gave Fibre Channel the 
boot. Tarala now has three PS 
Series systems with more than 
7TB of capacity that support 12 


“I spent half of what I budget- 
ed, doubled my capacity, and it 
performed flawlessly,” he says. 


from consolidating storage. 

Early misgivings about iSCSI’s ca- 
pabilities have faded. Tarala was wary 
of the performance and reliability of 
the Serial ATA (SATA) drives used in 
EqualLogic’s system but says the new 
SAN’s performance has been compa- 
rable to the system he retired. 

The new storage system is also 
more efficient to run. Because the 
SAN is IP-based, Tarala’s Windows 
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server administrators can manage it. 

“You don’t have to wait to bring in 
an outside technician to check that the 
[Clariion] tuned the array,” he says. 
And moving from direct-attached to 
networked storage has improved staff 
productivity. “Everything boots from 
the SAN, and they can bring up a new 
Windows 2003 server in 20 minutes,” 
Tarala says. 

Until recently, the major SAN ven- 
dors were reluctant to release iSCSI 
products, citing maturity issues and 
server CPU performance bottlenecks 
that might arise in processing traffic 
associated with iSCSI and the chatty 
TCP/IP protocol. But thanks in part to 
faster processors, that bottleneck nev- 
er materialized for Tier 2 applications. 


Smaller Vendors Lead 


Smaller vendors, such as EqualLogic, 
StoneFly Networks Inc. in San Diego 
and Intransa Inc. in San Jose, have tak- 
en the lead in offering iSCSI target 
storage, while larger players such as 
EMC Corp. have offered iSCSI ports on 
Fibre Channel SANs and multiprotocol 
switches. 

But native iSCSI storage arrays are 
less expensive, and early buyers are 
deploying them to support e-mail and 
database servers, backup and other de- 
partmental applications that don’t re- 
quire the high I/O that Fibre Channel 
delivers — and that won’t support the 
cost of Fibre Channel SAN switches 
and host adapters. 

Now Tier 1 vendors are jumping in. 
IBM, which withdrew an early iSCSI 
array, has returned to the market with 
the TotalStorage DS300. EMC recently 
announced new Clariion AX and CS 
Series models that offer native iSCSI 
connectivity to Fibre Channel, parallel 
ATA or SATA disk arrays. Every major 
vendor will have a native iSCSI SAN 
offering by year’s end, says Gray. 

That’s important to users such as 
Robert Stevenson, a technology strate- 
gist at Nielsen Media Research Inc. in 
New York. “Initially, we were very cau- 
tious about moving into the iSCSI 
space [because] the larger players 
were dismissive of it,” he says. But like 
Tarala, he found the cost and manage- 
ability benefits outweighed his initial 
concerns. 

Stevenson started last year with an 
IP5000 iSCSI target array from Intran- 
sa to support a virtual tape library ap- 
plication, then he added another unit 
to house small Sybase Inc. databases 
that sit behind Nielsen’s TV ratings 
system applications. 

A third IP SAN from EqualLogic is 
in the lab as part of a project to host a 
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larger data warehouse. At about $3 per 
gigabyte, storage on the Intransa sys- 
tem is “very economically compelling,” 
Stevenson says. 

With more than 10TB on iSCSI- 
based storage, Stevenson’s biggest 
concern now is rolling administration 
of those systems into the storage re- 
source management tools that control 
the rest of his 1.2 petabytes of net- 
worked storage. Unfortunately, his cur- 
rent tools don’t fully support iSCSI. 

Management of iSCSI SAN systems 
has trailed behind hardware and infra- 
structure development, and standards 
like the Storage Networking Industry 
Association’s (SNIA) Storage Manage- 
ment Interface Specification have yet 
to catch up. 

Support for mixed environments like 
the one Stevenson is considering are 





iSNS: The Internet Storage Name Service, & 
currently an IETF draft standard, provides & 
for both automated discovery and authenti- # 
cation support for iSCSI devices. The stan- ; 
dard is expected to be finalized this year. i 

t 

i 


SMI-S: The Storage Management Inter- 


face Specification is a SNIA ini- 
tiative to develop a common ATAGIANCE. 
management interface for stor- 


age networks. SNIA’s work is being stan- ! 


dardized through the InterNational Com- 

mittee for Information Technology Stan- i 
dards. Support for iSCSI within the SMI-S 
specification is still evolving. 1 
ee ae ee eee ee ree ere 
MPIO: Microsoft Corp.'s multipath 1/0 ‘ 
technology enables multipathing for Win- 1 


an even bigger challenge. “How do I 
manage an end-to-end environment 
when the iSCSI host may be several 
hops away on a Gigabit Ethernet 
switch or IP router and the proxy Fibre 
Channel target is on the other side of a 
multiswitch SAN?” he says. 

But those concerns aren’t stopping 
users from creating stand-alone IP 
SANs to target specific applications. 
For example, Siemens Corporate Re- 
search Inc. in Princeton, N.J., added an 
iSCSI interface to its Network Appli- 
ance Inc. filer to back up its IBM Ra- 
tional ClearCase change management 
software. ClearCase wanted to issue 
block-writes to direct-attached disks; 
an iSCSI interface allowed the storage 
to be migrated to the filer, where it 
could be backed up using NetApp’s 
Snapshot technology. 


dows hosts attached to iSCSI or Fibre 
Channel SANs. MPIO can be used to facili- 
tate fail-over or load balancing. A new fea- 
ture in Version 2 of Microsoft's iSCSI initia- 
tor for Windows, MPIO is likely to become 
the de facto standard for providing multiple 
communication paths between Windows 
hosts and IP SANs. 
VDS: Virtual Disk Services is 
Microsoft's tool for managing heteroge- 
neous storage systems for Windows sys- 
tems. The current version supports only 
Fibre Channel, but VDS 1.1 will also support 
iSCSI. It will be released in mid-2005, six 
weeks after Service Pack 1 for Windows 
Server 2003 ships, says Microsoft. 

- Robert L. Mitchell 
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“The entire [300GB] backup takes 
less than two minutes,” says Ramesh 
Viswanathan, director of computer and 
network administration. Adding iSCSI 
support required a simple, free down- 
load from NetApp. “We didn’t have to 
invest in new hardware,” he says. 

Bruce Waslie says moving a SQL 
Server database on an IP SAN can re- 
duce administrator headaches. Last 
summer, a rapidly growing SQL data- 
base that served an imaging applica- 
tion hit 90% of capacity, says Waslie, 
senior systems engineer at Koch Logis- 
tics, a transportation and distribution 
services provider in St. Paul, Minn. Ex- 
panding the direct-attached arrays was 
sometimes problematic and required 
taking the system down after hours. 

Waslie moved the data onto three 
iSCSI-based Network Storage Module 
150 appliances from LeftHand Net- 
works Inc. in Boulder, Colo. “The last 
time I had to expand [storage], I did it 
in minutes — and I didn’t have to come 
in on a Sunday,” he says. 

Still, experienced users have other 
reservations about IP-based storage — 
especially with regard to the IP net- 
work. Waslie isolated his IP SAN traf- 
fic on a physically separate network 
for security and to allow for out-of- 
band management. 

Stevenson says project planners 
should make sure sufficient bandwidth 
is available on the existing network be- 
fore adding iSCSI traffic. And adding 
IP SAN devices, which require static 
IP addresses, also increases complexi- 
ty. “These static IP connection points 
make it very different to upgrade the 
storage frames in a heterogeneous en- 
vironment,” he says. 

While iSCSI is gaining ground for 
backups and second-tier applications, 
Stevenson already envisions using IP 
SANs for a more mission-critical appli- 
cation at Nielsen. His group wants to 
create a copy of a 40TB data ware- 
house for the development team, but 
without spending $4 million on a Fibre 
Channel SAN. “You can get cheap 
blade servers and get iSCSI to them 
and put it on SATA [disk arrays], and 
you've got low cost,” he says. 

As Nielsen eventually migrates to 
10 Gigabit Ethernet, Stevenson expects 
IP SANs to move still higher into his 
tiered storage architecture. Even today, 
he says, “it tends to perform at a higher 
tier than you would think.” @ 53298 


MICROSOFT'S ROLE 


To learn more about how Microsoft has supported 
adoption of IP SANs, visit our Web site: 


QuickLink 53418 
www.computerworld.com 
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NETWORK SECURITY 


WOLVES PROWL OUTSIDE - OR WORSE, INSIDE —- YOUR NETWORK. 
NEED PROOF? CONSIDER: 


Malicious code attacks on company networks to steal confidential information 
has risen nearly 50 


of companies cited employees as a likely source of hacking 


93% of companies who lose data center access for 10 days file bankruptcy within 
a year. Half file immediately 


A network breach compromising corporate data costs on average $475,000 
in losses and recovery 


YOU'RE IN A RACE YOU CAN’T WIN AGAINST AN INTRUDER YOU WON’T DETECT. 
UNLESS YOU JUNIPER YOUR NET, NOW. 


> UNRIVALED, INTRINSIC NETWORK SAFETY. ONLY FROM JUNIPER. 
A Juniper network is simply more secure. Why? Security is inherent in our exclusive 
operating system: Clean code = unparalleled, impenetrable security. 


> SECURE, ASSURED NETWORKING. ONLY FROM JUNIPER. 
No restraints: The network works for you, not vice versa. No compromises: It’s 
unprecedented application layer intelligence — your network understands who 
you are and what you are doing, second-by-second, end-to-end. No kidding: That's 
Juniper's Secure & Assured Networking. Security, with assured performance, means 
a network tailored to you — exactly — for unfaltering control. Just because users have 
access doesn’t mean they should have the run of all resources. Juniper's deep 
inspection firewalls, Intrusion Detection and Prevention and application-aware remote 
access SSL VPNs deliver application-level security — for application-specific quality, 
network wide. It's a purpose-built platform ever-monitoring critical apps, data and 
intellectual property. 


Juniper architecture is wholly interoperable with the world’s largest networks and 
totally uncompromised by connections to legacy equipment. Another reason Juniper 
means lower TCO. 


> ENTERPRISING, ENTERPRISE-PROVEN SOLUTIONS? ONLY TRUST JUNIPER. 
Juniper's carrier-class performance, intelligence and security — once available only to 
service providers — is here for your enterprise. That’s why we’re the brand of network 
security chosen by many of the governmental agencies and financial titans who underpin 
our nation’s strength and stability. And why you can embrace the multiple applications, 
platforms and configurations your ever-changing network throws at you. 


Rest easy knowing Juniper products — and our sophisticated security - mean incredible 
scalability, while still providing superior speed, reliability and performance. 


> WHAT YOU CAN DO NOW: ONLY CALL JUNIPER. fi 
For more information — including innovative, 
insightful case studies and white papers — go to: 
http: //www.juniper.net/solutions /literature/ 


www.juniper.net 


888-JUNIPER (888-586-4737) 


© 2005 Juniper Networks 
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CONTINENTAL AIRLINES INC. encountered a bit of 
turbulence last year when it decided to shift the 
ticket-reissue application it had built for Unix-based 
servers to a full open-source software stack with a 
64-bit database server. 

There were no 64-bit editions of some of the key 
drivers and software products that the Houston- 
based airline needed for the application. So develop- 
ers had to trek to Hewlett-Packard Co.’s service cen- 
ter to test and certify the drivers to run in 32-bit 
native mode on the 64-bit HP Linux systems. 

Continental had to launch the application in Sep- 
tember with the MySQL database servers in 32-bit 
mode and wait about five months for the 64-bit edi- 
tion of HP’s Serviceguard for Linux, which would pro- 
vide the high availability it wanted. Within the next 
three weeks, the company expects to move its clus- 
tered 64-bit database servers from the lab to produc- 
tion, says Michael McDonald, director of technology. 

Even before that happens, the application has been 
paying dividends on the open-source stack. A ticket- 
reissuing process that once took highly experienced 
agents an average of 20 minutes to complete can now 
be performed by customers visiting Continental’s Web 
site. Later this year, customers will be able to access 
the application through self-service airport kiosks. 

Moving from an ad hoc manual process to the 
Unix-based application running on 450-MHz HP 
NonStop servers initially cut the average transaction 
time to 15 seconds. Switching last September to 
faster Opteron-based HP servers for the database 
and Xeon-based boxes for the application and Web 
servers, all running on Linux, sliced the time to two 
seconds, according to McDonald. 

Although the airline’s approach may not be entire- 
ly unique, it’s hardly commonplace among well- 
established corporations. In an IDC poll of Linux 
users released last July, just 27% of the respondents 
said they run databases on Linux. And with Conti- 
nental, it’s not only a database but also will be a 
64-bit MySQL database running on Linux. 

“They’re leading-edge. You’re not even talking 
about hundreds of companies that are using 64-bit 
MySQL,” says Gartner Inc. analyst Donald Feinberg. 

In comparison, the Apache Web server and JBoss 
application server that Continental selected are far 
more popular choices. Meta Group Inc. analyst 
Thomas Murphy says many of his clients are decid- 
ing they don’t need or want all of the J2EE technolo- 
gy and are opting for open-source stacks that are 
faster to develop on and to deploy. 

But the use of a full open-source stack tends to be 
less prevalent in corporate IT development shops, ac- 
cording to Daryl Plummer, a Gartner analyst. “There 
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Lory a uae Lie didn’t view the move to Linux as being particularly risky. 
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are a lot more successes for people who have adopt- 
ed parts of the open-source stack,” he says. “It’s usu- 
ally more for fringe or Web applications, but it’s mov- 
ing more and more toward the critical ones every day.” 


Becoming Mission-Critical 

Continental’s ticket-reissue application didn’t start 
out as mission-critical. After all, it didn’t even exist 
when the development team started the project. 

But the application now provides an audit trail for 
$400,000 in ticket reissues per day, according to 
Michael Natale, the airline’s chief technology officer. 

Natale says the application also gives customers a 
consistent price, whether they use it through the 
Web site or call an agent who accesses a custom ver- 
sion of the application through a PC. 

If Continental had taken the traditional approach, 
it would have developed the application for its main- 
frame-class IBM Transaction Processing Facility 
(TPF) system using assembler code and made the 
application available only to agents using green- 
screen terminals. Instead, the project team wrote the 
application using Java technology, knowing that it 
would work well with the company’s Unix platform 
and afford more options at the presentation layer. 

The developers initially wrote the application for 
the built-in software stack of HP NonStop servers but 
soon found that the package was “overkill” for their 
needs, Natale says. “The total cost of ownership didn’t 
warrant keeping it on that [proprietary] platform 
when the same availability and uptime were available 
with open-source technologies,” he says. “We’re an 
airline in an industry with tough, lean times right now, 
so we're trying to do things as efficiently as possible.” 

Continental’s developers had also found the 450- 
MHz processors to be “a handicap” for running the 
Java code, says McDonald. “Java relies on the speed 
of the processors to execute the code base,” he says. 
“The faster the processor, obviously, the faster your 
code’s going to execute.” 

Swapping out the proprietary database, application 
and Web servers for open-source alternatives running 
on Linux went smoothly. And with support from HP 
and Red Hat Inc., McDonald didn’t view the Linux 
decision as particularly risky. He says he had already 
witnessed continuous uptime of as long as 300 days 
while running Linux on development machines. 

“The platform is mature enough now for enter- 
prise applications,” Natale says. 

Continental now runs 10 dual-processor HP blade 
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servers for the application and Web servers, and a 
hardware device load-balances them. Running on the 
cheaper commodity blades allows the company more 
flexibility to expand its server farm if transaction 
volume starts to spike. The IT department merely 
needs to plug in a server and run a script to install 
Linux, JBoss, Apache and the application. “It’s ready 
to go in under four minutes,” says McDonald. 

For the database servers, Continental needed more- 
powerful boxes and opted for three quad-processor 
HP ProLiant servers, with the vendor’s Serviceguard 
for Linux for high availability. “We assume that 
whenever the application server’s available that the 
database should always be there,” McDonald says. 

Continental uses the database for persistence, 
through objects stored in the server. When a client 
makes a request, business logic at the application 
server level takes over and calls the database. The 
database, in turn, makes an average of 20 calls to the 
TPF system to retrieve the information. 

A price is formulated and displayed to the cus- 
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tomer. No additional processing is needed, regardless 
of whether the customer accepts or rejects the price, 
since Continental simply reads the state of the object 
from the database, McDonald notes. Changes are 
then committed to the TPF system, and the ticket is 
reissued. Or, if the customer has rejected the price, 
notations are made in the TPF records. 

Plans call for the next iteration of the application 
to be able to calculate refunds. Developers will mere- 
ly extend the current application architecture to do 
so, McDonald says. 

By then, Continental hopes to have resolved a 
prickly issue over pricing with Electronic Data Sys- 
tems Corp., which manages its data centers. EDS 
wants to view the quad-processor database servers 
as midrange boxes, and Continental thinks they 
should be viewed more like Windows servers on 
commodity hardware. 

“The more Linux systems that you get into your 
data center, the less it costs per server to maintain,” 
McDonald says. “Once you pass a certain point, the 
cost per server goes down tremendously. So it’s just a 
matter of time before you get enough servers in the 
data center to make it economically feasible.” 


Finding More Uses for Linux 


But the pricing debate isn’t stopping Continental 
from expanding its Linux environment. A “flight 
farming” project running on open-source software 
polls the ticket database to pull out duplicate passen- 
ger-name records, Natale says. 

Continental and EDS are also in the process of par- 
titioning the TPF mainframe and moving some sub- 
systems to a distributed environment of cheaper com- 
modity Linux servers, McDonald says. The subsys- 
tems include pricing, scheduling and seat inventory. 

“The TPF systems have been taxed out so much in 
the last few years that we’re running out of capacity 
on some of those mainframes,” McDonald says. “You 
have to move some of that off [the mainframe], or at 
least distribute it.” 

Continental is following the lead of companies such 
as Sabre Holdings Corp. and Cendant Corp., which 
have already moved some processing off their main- 
frames. With so many customers shopping for the 
best fares on Web sites, travel providers are looking 
for more cost-effective ways to provide those services. 

“It’s free for people sitting in their living rooms to 
click around,” McDonald says, “but somebody has to 
pay the price for those transactions — and it’s us.” 

Money-generating transactions, such as booking 
and ticketing, remain on Continental’s tried-and-true 
mainframes. 

Even though the more stable 2.6 Linux kernel is 
now supported by the most popular commercial Lin- 
ux distributions from Red Hat and Novell Inc., many 
companies remain cautious about migrating impor- 
tant systems to the open-source operating system. 

Gary Hein, an analyst at Burton Group, says clients 
tell him, “What’s the motivation for me to put my 
neck on the line, when Oracle on Solaris is the core 
of my business and it functions just perfectly?” But 
he also finds that once users have a good experience, 
they’re more inclined to take the plunge again. 

“Success breeds success,” Hein says. “They’re hesi- 
tant to do the first one. But after they do, they say, 
‘Wow. That’s hard not to do’” @ 53189 
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Biometric 
Authentication 


DEFINITION 
Biometric authentication is the 
verification of a user’s identity 
by means of a physical trait or 
behavioral characteristic that 
can’t easily be changed, such 


as a fingerprint. 


BY RUSSELL KAY 
N THIS COMPUTER- 
driven era, identity theft 
and the loss or disclo- 
sure of data and related 
intellectual property are 

growing problems. We each 

have multiple accounts and 
use multiple passwords on an 
ever-increasing number of 
computers and Web sites. 

Maintaining and managing ac- 

cess while protecting both the 

user’s identity and the com- 
puter’s data and systems has 
become increasingly 
difficult. Central to all 
security is the concept 
of authentication — 
verifying that the user 
is who he claims to be. 
We can authenti- 
cate an identity in three ways: 
by something the user knows 

(such as a password or per- 

sonal identification number), 

something the user has (a se- 
curity token or smart card) or 
something the user is (a physi- 

cal characteristic, such as a 

fingerprint, called a biomet- 

ric). (For more on authentica- 
tion, go to QuickLink a5630.) 
All three authentication 
mechanisms have drawbacks, 
so security experts routinely 
recommend using two sepa- 
rate mechanisms, a process 
called two-factor authentica- 
tion. But implementing two- 
factor authentication requires 
expensive hardware and infra- 
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structure changes. Therefore, 
security has most often been 
left to just a single authentica- 
tion method. 

Passwords are cheap, but 
most implementations offer 
little real security. Managing 
multiple passwords for differ- 
ent systems is a nightmare, re- 
quiring users to maintain lists 
of passwords and systems that 
are inevitably written down 
because they can’t remember 
them. The short answer, 
talked about for decades but 
rarely achieved in 
practice, is the idea 
of single sign-on. 
[QuickLink 25640]. 

Using security to- 
kens or smart cards re- 
quires more expense, 
more infrastructure support 
and specialized hardware. Still, 
these used to be a lot cheaper 
than biometric devices and, 
when used with a PIN or pass- 
word, offer acceptable levels 
of security, if not always con- 
venience. 

Biometric authentication 
has been widely regarded as 
the most foolproof — or at 
least the hardest to forge or 
spoof. Since the early 1980s, 
systems of identification and 
authentication based on physi- 
cal characteristics have been 
available to enterprise IT. 
These biometric systems were 
slow, intrusive and expensive, 
but because they were mainly 


used for guarding mainframe 
access or restricting physical 
entry to relatively few users, 
they proved workable in some 
high-security situations. 
Twenty years later, computers 
are much faster and cheaper 
than ever. This, plus new, in- 
expensive hardware, has re- 
newed interest in biometrics. 


Types of Biometrics 

A number of biometric meth- 
ods have been introduced over 
the years, but few have gained 
wide acceptance. 

Signature dynamics. Based on 
an individual’s signature, but 
considered unforgeable be- 
cause what is recorded isn’t 
the final image but how it is 





produced — i.e., differences in 
pressure and writing speed at 
various points in the signature. 

Typing patterns. Similar to 
signature dynamics but ex- 
tended to the keyboard, recog- 
nizing not just a password that 
is typed in but the intervals 
between characters and the 
overall speeds and pattern. 
This is akin to the way World 
War II intelligence analysts 
could recognize a specific 
covert agent’s radio transmis- 
sions by his “hand” — the way 
he used the telegraph key. 

Eye scans. This favorite of 
spy movies and novels pre- 
sents its own problems. The 
hardware is expensive and 
specialized, and using it is 
slow and inconvenient and 
may make users uneasy. 

In fact, two parts of the eye 
can be scanned, using differ- 
ent technologies: the retina 
and the iris. 

Fingerprint recognition. Every- 
one knows fingerprints are 
unique. They are also readily 
accessible and require little 
physical space either for the 
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security researchers have shown that they’re fairly easy to fool 
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reading hardware or the 
stored data. 

Hand or palm geometry. We’re 
used to fingerprints but sel- 
dom think of an entire hand as 
an individual identifier. This 
method relies on devices that 
measure the length and angles 
of individual fingers. Although 
more user-friendly than retinal 
scans, it’s still cumbersome. 

Voice recognition. This is dif- 
ferent from speech recogni- 
tion. The idea is to verify the 
individual speaker against a 
stored voice pattern, not to 
understand what is being said. 

Facial recognition. Uses dis- 
tinctive facial features, includ- 
ing upper outlines of eye sock- 
ets, areas around cheekbones, 
the sides of the mouth and the 
location of the nose and eyes. 
Most technologies avoid areas 
of the face near the hairline so 
that hairstyle changes won't 
affect recognition. 


The Current Leader 


Because of its convenience 
and ease of use, fingerprint 
authentication is becoming 
the biometric technology of 
widest choice. A growing 
number of notebook PCs and 
computer peripherals are 
coming to market with built-in 
fingerprint readers. Scores of 
products are available, includ- 
ing keyboards, mice, external 
hard drives, USB flash drives 
and readers built into PC card 
and USB plug-in devices. Most 
of these units are relatively in- 
expensive. 

These devices allow the 
user to maintain encrypted 
passwords that don’t need to 
be remembered but instead 
are invoked after the user puts 
his finger on the reader. This 
can also be used with a sepa- 
rate PIN or password to offer 
true two-factor authentication. 
@ 53319 


Kay is a Computerworld con- 
tributing writer in Worcester, 
Mass. Contact him at russkay@ 
charter.net. 


Are there technologies or issues you'd like 
to learn about in QuickStudy? Send your 
ideas to quickstudy@computerworld.com. 


To find a complete archive of our 
QuickStudies, go online to 
@Q computerworld. 
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Downtime Becomes 


Documentation Time 


Our security manager takes advantage of a 
lull in the usual hectic pace to catch up on 
some important stuff. By Mathias Thurman 


HE PAST WEEK wasn’t 

extremely insane for a 

change, so I focused 

on completing some 
much-needed documentation 
and organization of some of 
our recent activities. The first 
area I tackled was the ongoing 
and tiresome Sarbanes-Oxley 
project. 

At this point in this seem- 
ingly never-ending initiative, 
all of the IT security controls 
have been identified, tested, 
remediated and, most 
importantly, automat- 
ed and made repeat- 
able. Those last two 
items are key, since 
having automated 
and repeatable proc- 
esses will save us 
time when we have to demon- 
strate compliance with Sar- 
banes-Oxley Act mandates 
again. In addition, having au- 
tomated and repeatable proc- 
esses will help with any other 
audits or attestations that we 
may be responsible for, since 
other regulations will most 
likely encompass the same ac- 
tivities covered by Sarbanes- 
Oxley. 

Now it’s just a matter of 
putting together some docu- 
mentation about the processes 
so that in years to come we 
can quickly produce the infor- 
mation needed to ensure con- 
tinued compliance. I’ll explain 
with a couple of examples. 


Following the Rules 
During the IT security portion 
of our Sarbanes-Oxley project, 
dozens of control objectives 
were identified, and we came 
up with repeatable methods 
to test against those controls. 
One control that we identified 
involves ensuring that users 
are restricted from logging 
into an “in-scope” Unix sys- 
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tem directly as root. The prop- 
er method for gaining root- 
level access is to log in with 
an assigned user account and 
SecurID token and then issue 
the “switch user” (SU) com- 
mand to gain root-level access. 
But there are always people 
who seem to be either too lazy 
or too inconvenienced to fol- 
low these rules. Yes, our Unix 
systems are configured to 
deny direct root log-ins, but 
console servers are attached 
to each system for 
emergency access in 
the event that an in- 
terface goes down 
and an administra- 
tor needs to trou- 
bleshoot. The need 
to provide such 
emergency access is real, es- 
pecially in remote data cen- 
ters, but the console access 
provides a user with root- or 
administrator-level privileges. 
Whenever an administrator 
accesses the system, though, 
logs are generated that identi- 
fy the method of access and 
the use of SU to gain root- 
level access. Part of the Sar- 
banes-Oxley control objective 
states that these logs are to be 
regularly reviewed in order to 
monitor methods of access. 
The documentation I creat- 
ed discusses the responsibil- 
ity, frequency, location and 
methodology of reviewing 
those logs. Eventually, we will 
put some technical controls in 
place so that we won’t have to 
review logs manually, but for 


Although a lot 
of documentation 


ends up on a shelf, 
it can be worth its 
weight in gold. 





now, this activity satisfies that 
particular control objective. 

Another example: We have 
written scripts that check for 
modifications of configuration 
files, the presence of unautho- 
rized files, unauthorized en- 
tries in certain files or other 
changes that may cause a de- 
parture from our defined se- 
curity baseline and the con- 
trols identified as part of the 
Sarbanes-Oxley audit. But 
when creating these scripts, 
we never took the time to fully 
document the procedures, the 
locations of scripts and other 
pertinent information. Al- 
though some notes were taken 
and some high-level explana- 
tions were provided to satisfy 
auditors, none of that reached 
the level of aetailed documen- 
tation. So, over the past couple 
of weeks, I took the time to 
document the details. For each 
control objective, I annotated 
the particular script, the out- 
put, where results were stored 
and the method, frequency 
and annotation of the review 
of the results. 


Document Safeguards 
Over the years, I’ve created an 
abundance of documentation, 
ranging from policy to stan- 
dards and guidelines. For the 
most part, these documents sit 
undisturbed on a shared drive 
or in a binder collecting dust. 
I’m sure that this Sarbanes- 
Oxley document will fall into 
that same category, but at least 
it’s available in the event that 
auditors ask for it. 

I spent the rest of the week 
documenting various aspects 
of our recent RSA SecurID de- 
ployment. First, I finished up 
the run books for the Web Ex- 
press application. As I’ve men- 
tioned before, we deployed 
RSA Web Express to aid in the 
deployment of SecurID to- 
kens. Our IT department uses 
run books to annotate infor- 
mation needed to perform 
general day-to-day mainte- 
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gencies such as service out- 
ages and performance prob- 
lems. Typically, our run books 
contain information regarding 
hardware, software, the appli- 
cation, dependencies, points 
of contact, backups, fail-over 
instructions and so on. I hadn’t 
taken the time to properly an- 
notate the run books, so I 
spent a day completing that 
task. I also wrote an adminis- 
trator’s guide, a user’s guide 
and a matching quick refer- 
ence, or cheat sheets. It’s al- 
ways nice to provide a couple 
of formats for users and ad- 
ministrators who want only 
the steps and don’t care to see 
illustrations or other details. 

This step is critical, since 
properly annotated documen- 
tation will prevent an influx of 
help desk calls. I always take 
advantage of stressing a com- 
mon help desk issue through 
mass communication versus 
forcing the users to call. Nor- 
mally, I would have a technical 
writer at my disposal, but re- 
sources are tight these days, 
so we create documentation 
ourselves and pass it around 
within the department for 
readability and quality assur- 
ance purposes. 

Although a lot of documen- 
tation ends up sitting on a 
shelf, I still feel that it can be 
worth its weight in gold, espe- 
cially when employees with 
important knowledge leave 
the company or when we’ve 
forgotten details of an applica- 
tion that we installed and con- 
figured in the distant past. 
And while I’m on that topic, 
it’s always a good idea to have 
a knowledge base available to 
annotate miscellaneous tips 
and tricks regarding applica- 
tions in the environment. 

Documentation is never an 
enjoyable activity, but at the 
end of the day, you'll generally 
be glad you did it. DB 


WHAT DO YOU THINK? 


This week's journal is written by a real securi- 


ty manager, “Mathias Thurman,” whose 
name and employer have been disguised for 
obvious reasons. Contact him at mathias_ 
thurman@yahoo.com, or join the discussion 
in our forum: QuickLink a1590 


To find a complete archive of our 
Security Manager's Journals, go online to: 
@ computerworld. nal 
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a major type of buffer overflow 
vulnerability. Several case 
studies put it all together by 
analyzing some popular ex- 
ploits. Chapters end with fre- 
quently asked questions 
(which could be used as a 
quiz) and references to a mul- 
titude of related software and 
Web links. | will surely use this 
book as | conduct application 
assessments. 

- Mathias Thurman 


Group Tackles 
VoIP Security 


A group formed to head off 
voice-over-IP security prob- 
lems laid out its first set of pri- 
orities last week: setting up a 
taxonomy to classify threats 
and establishing the require- 
ments for making VoIP secure. 
The VolP Security Alliance, 
which was established in Feb- 
ruary, includes Verizon Com- 
munications Inc., VeriSign Inc. 
and about 50 other vendors 
and service providers. 


Security at a Glance 
Network Intelligence Corp. 
released a new version of its 
enVision security event man- 
agement software that fea- 
tures a dashboard designed to 
let administrators see security 
and compliance status in real 
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Find the tools and guidance you need for a well-guarded network 
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Microsoft Windows XP Service Pack 2: Download it for 
free and get stronger system control and proactive protection 
against security threats. 

> Free Tools & Updates: Download free software like Microsoft 
Baseline Security Analyzer 2.0 to verify that your systems are 
configured to maximize security. Manage software updates 
easily with Windows Server Update Services. 


> Microsoft Risk Assessment Tool: Complete this free, Web-based 


self-assessment to help you evaluate your organization's security 
practices and identify areas for improvement. 


Internet Security and Acceleration Server 2004: Download 
the free 120-day trial version to evaluate how the advanced 
application-layer firewall, VPN, and Web cache solution can 
improve network security and performance. 


Microsoft 
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Azaleos Releases 
Exchange Appliance 


® Azaleos Corp. in Issaquah, 
Wash., last week launched a 
managed Exchange 2003 mes- 
saging appliance, the Azaleos 
OneServer, and the accompany- 
ing OneStop subscription service. 
The appliance integrates enter- 
prise server hardware, special- 
ized software and managed 
subscription services into a 
device that supports up to 2,500 
user accounts, the company said. 
Pricing for the appliance starts 
at $35,000 and includes 1TB of 
storage; the OneStop subscription 
begins at $7 per month per user. 


AmberPoint Unveils 
SOA Dashboards 


@ AmberPoint Inc. has announced 
dashboards for its service-orient- 
ed architecture management 
software. The dashboards enable 
users to more precisely pinpoint 
trouble areas and pull data from a 
broader range of systems than 
they could previously, according 
to the Oakland, Calif.-based com- 
pany. Pricing was not announced. 


Nemonix Rolls Out 
Hardware for Alpha 


@ Nemonix Engineering Inc. last 
week announced that it’s making 
hardware for AlphaServer sys- 
tems, which Hewlett-Packard Co. 
is retiring next year. The con- 
troller for the AlphaServer has 
two Gigabit Ethernet ports on a 


single PCI-X card and is priced at 


$899, according to the Holliston, 
Mass.-based company. 


Informatica and 


Inc. in San Mateo, Calif. Under 
the agreement, Redwood City, 
Calif.-based Informatica will offer 
the Composite Information Server 
as a complement to its Power- 
Center data integration platform. 
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Joining the Federation 


NFORMATION TECHNOLOGY, along with its 

cousin biotechnology, is a big driver of the 

dynamic lexicon. Biotechnologists usually coin 

words about biological things from thin air or 

revert to dusty Greek or Latin to introduce 
words into English. IT likes to recycle language, adding 
heft to the dictionary with new uses for old words. 


The latest word to be 
reinvented by IT is federa- 
tion. It describes technol- 
ogy unions relying on new 
forms of data integration. 

Federation languished for 
eons in the linguistic back- 
waters, competing with 

the likes of league and 
union to describe political 
liaisons, for better or for 
worse. Reinvented with a 
techno spin, it’s now as hot 
as lofts in a gentrified ware- 
house district. 

The movement to recast federation 
got its impetus with identity manage- 
ment around 2002. Various industry 
bodies like the Liberty Alliance and 
OASIS were drawing up standards to 
enable the joining of trusted networks 
into even larger chains of trust. Some 
technical thinker had a eureka mo- 
ment and correlated a lesson from 
political history, ergo federated identi- 
ties. Federated identities gave rise to 
federated networks. (If you are a 
purist, maybe that’s backward.) 

Federated networks are just getting 
started, but they will be huge in deliv- 
ering authenticated and authorized 
users for secure e-commerce commu- 
nities in the wired and wireless worlds. 
Secure users are key to streamlining 
supply and distribution chains for 
more efficient business. Federation in 
identity management has even mor- 
phed into a verb form: Federate now to 
put your islands of identity to work 
authorizing, controlling and logging 
your users’ access for compliance with 
the Sarbanes-Oxley Act. 





Federation quickly 
achieved rock-star status 
as a recycled word, join- 
ing instance, image, parent 
and child, cache and bus 
among the panoply of 
innocuous words blessed 
by technology with a new 
meaning. The word feder- 
ation has become fecund 
and given rise to more 
federation — federated 
management, federated 
configurations, federated 
databases, federated 

directories, federation ad infinitum. 
Integrating discrete elements is passé; 
it simply won't do if one can federate 
and achieve a higher order of inter- 
operability. 

And making data structures interop- 
erate more efficiently is the central 
theme underlying federation of all 
types. Virtual directories provide the 
foundation for enterprise information 
integration, or EII, a layer of abstrac- 
tion to bring widely distributed and 
decentr:lized islands of data into a 
unified whole. Virtual directories were 
not invented to facilitate federated 
identities, but federated networks 
would be nowhere without virtual 
directory technologies, which unite 
islands of identity data into a central- 
ized management framework for 
stronger security. 

With virtual directories, there’s 
no need to copy or replicate data 
into a central repository. The identity 
data can stay in its traditional reposi- 
tory in finance, human resources or 
building security, close to the owners 
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how to manage it. 

Virtual directories create data about 
the data — metadata — that describes 
how to find the desired islands of infor- 
mation, how to convert the data in the 
islands into a desired format, how to 
read it into the target application and 
how to update the data once it has been 
used. Virtual directories save time and 
lots of money and prevent the endless 
arguments among federation members 
over who owns the information. 

Identities and networks may have 
been the first to be federated, but they 
are no longer unique. Virtual directo- 
ries and EII underlie a growing usage 
of federation. Federated management 
and federated configurations will be 
necessary to provide efficient and se- 
cure service management for layers of 
distributed infrastructure information. 

Implementing new IT governance 
standards, such as the IT Infrastruc- 
ture Library, will simply be impractical 
without federated information built on 
virtual directories. Federated databas- 
es will have metadata at the intersec- 
tion, to describe where and how to 
read and write data from underlying 
data structures. 

Federated data and EII will be big 
enablers of Web services, helping 
component applications to be de- 
ployed far more rapidly, without con- 
cern for data formats or locations. In 
just a few short years, we could have a 
new dictionary entry for federation, 
rooted in IT. 

The smart people in biotechnology 
are going to have to come up with their 
own federation paradigm to solve their 
problems. They’re going to have to de- 
velop federated biology — unified 
colonies of distributed and discrete 
information connected by a central 
nervous system for the greater good. 
That sounds like an ancient biological 
construct — the jellyfish. @ 53332 


For more columns and links to our archives, go to 





Got Questions About 


Enterprise Mobility? 


Computerworld’s IT Executive Summit Has the Answers 


If you're an IT executive in an end-user 

organization, apply to attend Computerworld’s 
upcoming complimentary half-day sumimit on 
wireless broadband access for the enterprise. 


ClOs and senior IT executives are finding that 
replacing multiple remote access technologies 
with wireless broadband access to the enterprise 
can play a key role in boosting employee 
productivity and streamlining IT support while 
significantly reducing operational costs. 


As the workforce becomes increasingly mobile, 
the variety and number of remote access 
devices as well as the need to secure the data 
they send and receive presents a daunting 
challenge for today's enterprises. 


By leveraging the knowledge of industry experts 
and the real-world experience and advice of your 
IT peers, this IT Executive Summit will provide an 
overview of effective strategies for overcoming 
the obstacles in deploying wireless broadband 
access for the enterprise. 


* Complimentary registration is restricted tc 


qualified IT executives only 


Apply for registration today 
Contact Chris Leger at 888-299-0155 


or visit: www.itexecutivesummit.com 


Achieving the Mobility Imperative: 
Enabling, Securing and Managing 
Wireless Broadband Access 


New York Marriott Marquis - April 26, 2005 


Cantor Jolson Room, 9th Floor 
1535 Broadway in Times Square, New York City 


7:45am to 8:15am 


8:15am to 8:30am 


8:30am to 9:15am 


9:15am to 9:45am 


9:45am to 10:15am 


10:45am to 11:15 


11:15am to noon 


Sponsored by 


a 


verizonwircless 


Registration and Networking Breakfast 


Introduction and Overview 
Julia King, Executive Editor, Events, Computerworld 


The Next Wireless Evolution 
ain Gillott, Founder, /Gillott Research 


Deploying Wireless Broadband Technology: 
An IT Perspective 

Phillip Hirschel, Cellular Services Manager. 
PriceWaterhouseCoopers 


Refreshment and Networking Break 
Keynote Presentation: 
Broadband Wireless Solutions for the Enterprise 


Roger Gurnani, ClO, Verizon Wireless 


End-User Case Study 


Larry Singer, SVP, Strategic Insight Officer, Sun Microsystems 


Panel Discussion: Real-World Wireless 
Moderator: Julia King, Executive Editor, Events, Computerworld 
Panelists: Norm Fjedheim, SVP and ClO, Qualcomm 
David T. Phillips, Information Systems Manager 
Foley, Inc 
Jenkins Ravenel, Principal, Technology and 
Operations, Network Computing, Bank o 


Joseph Ziskin, VP, Global Telecom Industry, IBM 


Program Concludes 


Co-sponsors 


Selected 
speakers include 


Phillip Hirschel 
Cellular Services Manager, 
Price WaterhouseCoopers 


e 


Tain Gillott 
Founder, iGillott Research 


Roger Gurnani 
CIO, Verizon Wireless 


Norm Fjedheim 
SVP and CIO, Qualcomm 


+. 


Julia King 
Executive Editor, Events, 
Computerworld 
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Mark Your Calendar! 


ENTERPRISE 
MANAGEMENT 


Are you responsible for managing your company’s 
data center assets? Want to exchange innovative 
ideas and strategies with other executives who 


aes share the same objectives? Then attend 
Enterprise Management World, where you'll 


COMPUTERWORLD network with and learn from renowned experts 


and the nation’s top user executives. 


The Leading Conference for: 

* Enterprise IT Management 

* Data Center Management 

* Networked Server and Storage Management 
* Network and Communications Management 
* Infrastructure and Data Architects 

* Systems Integration Specialists 

* Enterprise Security Management 


To register or for more information, 
visit www.emwusa.com/cw 


Attendees at Enterprise Management World 2004, Philadelphia saw solutions from: 
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Think Tank 


A computer forensics expert 
explains the role of CIOs in 
handling a data scandal; and 
research suggests that older 
workers have no problem adapting 
to new IT systems. Page 36 


says to focus on board seats outside of your company and recommends 
targeting small, private, not-for-profit organizations in your search. 


Just Say No 


Sure, IT is supposed to be an 
enabler, but there are times when 
you have to refuse ill-advised 
business requests and hare- 
brained projects. Here’s how to 
do it and survive. Page 38 
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OPINION 
The Wages of Fear 


Using fear as a management 
tool may have worked in 
Machiavelli’s day, 

Glen, but think twice before 
you try it in IT. Page 44 


A former CIO and board 
member tells how to get a seat at 
the ultimate table. By John Blair 


OU SEE THESE gray- 
haired men and women 
heading into the board- 
room once per quarter. 
Often, the CEO ap- 
proaches you a few 

days before this happens and asks for 

a five-line briefing on one or two IT 

initiatives. 

Last year, you were on the agenda to 
give a briefing on the CRM project, but 
it was late in the afternoon and every- 
one was distracted by the emerging re- 





| quirements of something called Sar- 


Your 15-minute slot (far 
too brief) was shortened some more. 
Since only one question was asked, you 
were sure that making the afternoon 
flight was a higher priority to these 


| gray hairs than what you had to say. 


As more and more of the strategic is- 


| sues your company faces have a direct 
| or strong indirect IT component, the 


thought starts to form: “I should be on 


| the board!” 


That’s probably not going to happen. 
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NOT MUCH ROOM. The numbers are 
against you, big time. First, if your em- 
ployer is a larger public company (one 
of the roughly 9,000 companies listed 
on the major stock exchanges), by law 
the majority of directors must be out- 
siders. You are an insider. 

The CEO thinks he should have one 
of the board seats. So does at least one 
other insider, and watchdog groups 
continue to pressure public companies 
to have fewer insiders on the board. 

But you can improve your odds dra- 
matically if you focus outside of your 
company and broaden your targets to 
include small (“microcap”), private 
and not-for profit organizations. 

With that external focus and better 


odds, let’s look at the makeup of a board. 


BOARD MEMBER PROFILES. Status, con- 
nections and expertise all are factors. 
The ideal board member has strong 
general management skills and experi- 
ence plus one or two areas of expertise 
not shared by the other board mem- 
bers. Diverse experience assures that 
the board will miss fewer nuances that 
could allow a small issue to become a 
large problem. 

Many board members are current or 
former CEOs. Because of the require- 
ment that at least one board member 
be financially literate, chief financial 
officers and former audit partners 
from the Big Four accounting firms are 
now being recruited. Other than that, 
the profiles vary widely: business 
“rock stars,” lawyers, industry special- 
ists, investors, representatives of spe- 
cial interest groups and friends of the 
CEO all show up to varying degrees. 

Most new board members either 
have done something for the company 
or are expected to be able to do some- 
thing for the company. For example, 
early in a company’s life, board mem- 
bers with knowledge of and connec- 
tions to funding sources, key regulators 
and potential clients are openly sought. 


YOUR UNIQUE CONTRIBUTION. A recent 
Computerworld article estimated that 
only 5% of current board members 
have IT backgrounds [QuickLink 
51548]. As an experienced and effective 
CIO, however, you bring special exper- 
tise to a board. Moreover, Section 404 
of the Sarbanes-Oxley Act highlights 
the need for IT literacy on boards to- 
day. It requires that the controls for 
financial processes be effective. Many 
of these controls are implemented 
through the financial information sys- 
tems and the applications that provide 
data to the financial information sys- 
tems. So companies need a board 








How It Worked 


ne)e 


My path to a board position with 
Apollo Group Inc. began 25 years 
ago when | was looking for some 
VM PlPAcem Cele MOM Me eel] ome)| 
engineers on my staff. 

A small, nontraditional university 
was able to respond, and that led to 
PMs Ut Om TUM UML eTL0 tects 
CC ee eR eee Cem ict 
to join the university’s board, in part 
because of my IT background. 

Lett ere Lece tye csccrle MUO CoM 
versity was acquired by Apollo. Five 
more years passed, and | was invit- 
ed to join Apollo’s board: 

My path to the board of a high- 
Pie UUM EMSA Tecmo) ier Ta NUE ae. 
bit shorter, but it still took nearly 10 
Nr Les 

It started when | assisted a con- 
sulting client in choosing an IT ser- 
vices company to develop a key 


member who can translate between IT 
and finance. 

Sarbanes-Oxley is just the latest area 
where some specific IT skills are need- 
ed. Six years ago, the issue was Y2k. 
There will be more. Most issues today 
have a significant I'l’ component, and 
effective board members who can 
translate between IT and business will 
continue to grow in importance. 


MAKING IT HAPPEN. This is the hard part. 
Becoming a board member by building 
from an IT experience base isn’t easy, 
because IT hasn’t been a typical source 
of board candidates. If you really think 
you have a board-level contribution to 
make, start to make the moves to gain 
general management experience to 


| complement your proven IT leader- 


ship experience. 

That means if you have three to five 
years of experience running a signifi- 
cant, effective IT organization, plan to 
get out of IT. Look for places where 
you can leverage your experience as a 
CIO but in a general management con- 
text. There are a lot of technology 
companies that need senior managers 
with experience in the corporate IT 
function. 

Another path is to launch your own 
company. As founder, you will gain ex- 





WAG 


business system. A year or two later, 
that IT services company became a 
orev ASUL Cie Mel Lesa Tere (cg 
that, | was invited to join the board 
of the then much larger and newly 
public IT services company. My 
Vee aleUl Cel emuve Mim org Om UIs) 
ability to speak about, listen to, un- 
We ee mm Ue ELH UOC meg 
UCM a mri ely am Cle aile) ele nvar- Tale) 
business issues the company faced. 
Two other board experiences 

tame solely as a result of being a 
ee ta Me) Maclay (ee UireLelareal ele (cre re | 
number of entrepreneurs who were 
CEOs or on paths leading to CEO 
roles. In each case, the combination 
of skills and experience these entre- 
preneurs sought was the ability to 
effectively bridge the technology/ 
UES sso TLE 

- John Blair 


perience in general management, and 
you will likely be a member of the 
board of the company. 


MAKING IT HAPPEN, PART 2. OK, you’re 
on the way: solid senior management 
experience in IT and a growing body 
of experience in senior-level general 
management. The next task you face is 
to become noticed by those who have 
the influence to place your name in 
front of board-member selection com- 
mittees. 

Who are these people? 

Current board members and CEOs 
have the greatest influence on choos- 
ing new board members. Several of the 
major executive search firms have 
board-member search practices. Con- 
necting with the partners who lead 
these practices will help. But where do 
they find candidates? 

Current board members and CEOs. 

Finding these people is also straight- 
forward. The management of public 
companies is ... public. Yahoo, EDGAR 
and corporate Web sites are ready 
sources for the names of company 
CEOs and directors. The Web sites for 
private and not-for-profit organiza- 
tions typically list officers and direc- 
tors. Growing Web services such as 
LinkedIn and Friendster are also valu- 





able search tools. And be aware that 
organizations such as the Association 
for Corporate Growth, the National 
Association of Corporate Directors 
and many local business, networking 
and economic development groups 
have memberships with a large per- 
centage of CEOs and directors. 

Armed with a good list, start a multi- 
pronged campaign to meet some of 
these people. While the campaign to 
become a director has some of the ele- 
ments of a job search, take a less direct 
approach and look for opportunities to 
work with your contacts. For instance, 
if you and your target are both mem- 
bers of a professional group, look for a 
way to work with him on a committee 
or a program. 

The campaign usually takes a while 
and is built from a number of substan- 
tial joint interactions. Your goal is to 
be asked about your interest in a board 
role, not to do the asking. 

It’s said that any two people in the 
US. are, at the maximum, only four 
degrees of separation apart, so don’t 
overlook the neighbors, the parents of 
your kids’ friends and the aunt of the 
person you meet every now and then 
at the grocery store. 

Each week take at least one action 
that will lead to an introduction to a 
current CEO or board member in a 
company that might find you to be a 
valuable board member in the next one 
to three years. 


PATIENCE IS A VIRTUE. Be patient. It takes 
multiple exposures and firing at a lot 
of targets to raise the odds significant- 
ly. But Sarbanes-Oxley and the contin- 
ued increase in the IT content of most 


| markets, products and services mean 


that boards will need more members 
who can deal effectively with these is- 
sues. If you think you have something 
to contribute at the board level, start 
your campaign now. But realize that 
this may be the longest-duration proj- 
ect you ever manage. @ 53260 





Blair has been a board member of two 
public companies, two private compa- 
nies and two not-for-profit organiza- 
tions. He was CIO of two Honeywell di- 
visions, COO of an IT professional ser- 
vices company and an adviser to corpo- 
rate leadership on technology-related 
management issues. Contact him at 
john@jblairconsulting.com. 


FIGURING THE ODDS 


John Blair says there may be more board seats 
available than you imagine: 


QuickLink 53262 
www.computerworld.com 
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How to Handle 
A Data Scandal 


TODAY'S CORPORATE SCANDALS 


tools to copy a computer's contents, 
trace network paths and scan tera- 


software from Visualware Inc. in Tur- : 
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Thinklank 


RAIN FOOD FOR IT EXECUTIVES 


> - including e-mail and network logs - 
: isn’t purged, contaminated or altered. 
: To put it mildly, “judges have no 

: sense of humor about destruction of 
: evidence,” he says. 


; tablish a clear set of procedures for 


: records of the “chain of custody.” 


: tation to hold back or destroy evi- 

: dence in hopes of protecting the com- 
: pany or fellow executives. Leibrock 

: says the ClO’s loyalty should be to the 
: IT profession and the ethical handling 
: of information required by the court. 


COMSTOCK 


lock, Calif., to show judges the Inter- : 


net route of a particular message. 


Research Debunks 


Stereotypes About 
Older Workers and T 


20% of the v. 5 nar 
force will be more than 
55 years old, says the 
U.S. Department of 
Labor's Bureau of Labor 
Statistics. That demo- 
graphic trend is on a colli- 
sion course with deeply 
held stereotypes about older workers resisting 
change and new technologies. 

But research by Tracey Rizzuto, assistant 
professor of psychology at Louisiana State Uni- 
versity in Baton Rouge, finds that some of the 
prevailing views about older employees simply 
aren't true 

When Pennsylvania state agencies upgraded 
their ERP systems for managing procurement, 
Rizzuto wondered how older workers would 
fare in adapting to the new technology.Soshe | 


studied more than 360 purchasing agents re- 
garding their willingness to learn the new sys- 
tems, as well as their motivation, commitment 
and satisfaction in accepting the changes. 
(Nearly 60% of the agents studied were 46 or 
older, and 119% were over 55.) 

Contrary to common belief, Rizzuto found 
that older workers exhibited more willingness to 
learn the new technology than their younger 
counterparts. Veteran employees were more 
“fired up” about the changes, Rizzuto says, and 
most of them, though not all, were supportive of 
the new systems. 

Conventional wisdom says technology is the 
province of the young. “There is some research 
that shows older workers may not be as quick 


| in learning new technology skills as younger 


people, but this study shows the commitment 
and willingness to learn is stronger among the 
older wu'’’?rs,” Rizzuto says. 

The key is to provide specialized training pro- 
grams for older workers to keep them current 
with new technologies and processes. It's a 
small price to pay, Rizzuto says, to retain em 
ployees who are teachable, adaptable and loyal. 


: @ 53354 


Leibrock urges companies to es- 


Ci0s also have to resist the temp- 


~ Mitch Betts 


| Rizzuto plans to present her findings at an 
April conference of the Society for Industrial 


and Organizational Psychology in Los Angeles. Index of Business IT 


Demand, 2004-2005 


E Send them to 
@computerworld.com. 
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RED HELD was CIO at Mat- 

tel Toys Inc. for most of the 

1970s. He recalls the day a 

gung-ho marketing execu- 

tive, apparently having just 

read Popular Science, asked, 
“Can we put a chip in every product, 
hook up to spy satellites and track 
where everyone goes, so we can really 
see who buys our toys? We could check 
which stores have too much inventory 
and transfer product accordingly.” 

Disregard the fact that the technol- 
ogy was at least three decades away. 
The marketing guy was proposing to 
insert a Cold War espionage-inspired 
tracking device in every Hot Wheels 
car and Barbie doll sold worldwide. 
Can you say “worst public relations 
calamity ever”? 

Needless to say, Held — who is now 
a partner at Tatum Partners, a profes- 
sional services firm in Atlanta — de- 
clined. “You have a great deal of fore- 
sight,” he told the exec. “This isn’t 
quite possible right now, but we’re go- 
ing to keep an eye on it.” Thus the mar- 
keting guy went away flattered, and 
Held turned him down cold with no 
ill effects. 

This is by no means an easy thing to 
do, and since Held’s days at Mattel, it 
has only gotten tougher. In today’s cor- 
porations, IT is supposed to be an en- 
abler, a conduit rather than a gatekeep- 
er. When a line-of-business executive 
proposes a project, IT is supposed to 
make it happen. 

Unfortunately, some of those ideas 
are too risky, difficult to justify given 
the company’s overall IT picture or 
just plain hare-brained. But the IT 
executive who says no may be putting 
his career on the line. 

The key, according to CIOs, project 
managers and other experts, is to ask 
for and provide facts until the person 
who made the request is forced to ac- 
knowledge that the idea won’t fly. 


‘Press Statement’ Method 


“You need to get everyone to recognize 
risks and alternatives,” says Jerry Luft- 
man, author of Competing in the Infor- 
mation Age: Align in the Sand (Oxford 
University Press, 2003) and a professor 
at the Stevens Institute of Technology 
in Hoboken, NJ. “You can’t just say 

no, put your hands over your ears and 
walk away. You want to get them to 
recognize why the answer has to be 
no; that’s the trick.” 

This diplomacy may not come natu- 
rally to many in IT, a discipline long 
known for bluntness. Carolynn Ben- 
son, a senior consultant at Bedford, 
N.H.-based Ouellette & Associates 





HOW TO REFUSE ILL-ADVISED 
BUSINESS REQUESTS AND LIVE TO 
TELL THE TALE. BY STEVE ULFELDER 


Consulting Inc., says that in training 
courses, she teaches clients to say no 
with a “press statement” — a positively 
worded refusal. “The way to say no is 
with options,” Benson says. 

A typical hell-no press statement 
might begin, “IT is committed to help- 
ing your department meet its business 
goals. After reviewing your proposal, 
we believe the following options will 
help achieve those goals and provide 
value for the company.” Absent from 
the list of options, of course, is the one 
proposed by the manager. 





say i a ae 


Oia oA Re as Oo ee ai ah acre Me 


| SPADE 


WORK 


THE ABILITY to turn down a request 
begins long before that request is made. 
IT managers agree that to be respected 
when conflict arises, you must first earn 
the trust of fellow executives. “Before you 
can say no, you need a relationship of 
mutual trust,” says Florin Docea, a project 
manager at The Northwestern Mutual 
Life Insurance Co. in Milwaukee and a 
past president of the Society for Informa- 
tion Management. 


What do you do when an executive 
doesn’t like this answer? “You push 
back with your press statement,” she 
says. If things get ornery, you bump the 
conflict up to the next level with an- 
other statement: “The person who can 
put your request back on track is the 
CEO. Shall we go to the CEO together 
and present our arguments?” 

Frequently, the big “no” concerns a 
completely unrealistic time frame for a 
project. Then IT is not so much refus- 
ing to tackle the project as making sure 
it gets the time needed to do the job 


This trust rests on three pillars: 

= Sound cost-tracking processes. |f 
your company lacks metrics for IT costs, 
you'll face an uphill battle in explaining to 
business execs why the risk-reward ratio 
of their pet project makes it a no-go. “If 
there's no way for IT to charge back for a 
project, business [managers] are not go- 
ing to experience the consequences” of 
their requests, says Gartner Inc. analyst 
and Computerworld columnist Barbara 
Gomolski. “You need an environment 
where people are really going to be pay- 
ing for what they're using.” 

® Strong relationships with fellow 
executives. Fred Held, former CIO at 
Mattel Toys, says that when he took that 
job, “a top executive told me, ‘If you're 





properly. Dave Berg, CIO at Salt Lake 
City-based O.C. Tanner Co. and presi- 
dent-elect of the Society for Informa- 
tion Management’s InterMountain 
Chapter, tells of a recent dust-up. 

For more than half a decade, the 
employee-award company had wanted 
to automate certain pricing and prod- 
uct-replacement tasks in its backbone 
application, but the request always fell 
to the bottom of the pile. Late in 2004, 
without warning, the head of manufac- 
turing and the chief operating officer 
“decided all of a sudden that this was 
the most important thing in the world,” 
Berg says, and they wanted it in Janu- 
ary. Berg countered with March. They 
compromised on February. 

IT was on target to make the release 
date, but an error was discovered in 
testing. Then came the moment of 
truth: Berg faced heavy pressure to 
release the feature with a significant 
flaw. He’d been forced into a tough 
spot: A buggy release would cause 
hundreds of employees to grumble 
and blame IT. On the other hand, 
Berg might be viewed as obstinate, a 
typical perfectionist techie, if he in- 
sisted on holding up the release to fix 
the error. 

He held his ground and insisted on 
additional programming and testing, 
followed by a clean March release. 

Were there some tense discussions 
when Berg demanded to let the sched- 
ule slip? Sure. But that’s not the end of 
the world. As Berg puts it, “If you nev- 
er say no, you must be a yes man — 
and nobody likes a yes man.” @ 53264 





Ulfelder is a Computerworld contribut- 
ing writer. Contact him at sulfelder@ 
charter.net. 


not spending 70% to 80% of your time 
with line executives, you're not doing 
your job.’ ” 

Adds Held, “That prevents line execu- 
tives from saying they can’t do their jobs 
because IT doesn’t support them.” 

® A history of enabling strong proj- 
ects. Your “no” means more if you have 
a track record of saying yes whenever 
possible. This is especially important for 
project managers and others who lack 
veto power, says Carolynn Benson, a se- 
nior consultant at Ouellette & Associates. 

“As a project manager, you don't have 
direct influence,” she says. “So you must 
buiid influence by being a strong support- 
er of business goals.” 
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- Steve Ulfelder 
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1. Statistics from Asia retrieved quickly. 

2. Paris client’s portfolio accessed securely. 
3. Critical information archived automatically. 
4. Data kept within compliance guidelines. 
5. Optimized storage supports heavy volume. 


MIDDLEWARE IS IBM SOFTWARE. The IBM 
TotalStorage* Open Software Family. It automatically 
helps manage and optimize highly complex storage 
enviror 5. By centralizing information. By fully utilizing 
resources. By simplifying data compliance. Help slash 


long-term storage costs. On demand. Comprehensive, 


reliable storage management solutions from IBM 
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Feeling 
Insecure 


An informal online survey by Dice.com in 
February found lack of job security to be 
the greatest contributor to IT job stress. 


__ MANAGEMENT 


The Lure of 
Foreign Shores 


Senior executives are showing signs 
that they're up to the challenge of 
taking a career risk. 





In your opinion, which factor 
is the greatest contributor 
to IT job stress? 
Always having 
to do more 
ith less: 


Learning new 
skills: 9% 
Being under- 
paid: 13% 


growth or pro- 
motion: 15% 


SOURCE: DICE INC 


Which of the following major 
career changes would you consider? 
Pick only one. 


Take an overseas Change 
assignment: industries: 
37% 33% 


iness: 
19% 
Take a year off: 5% 


Work part time: 2% 
Number of respondents: 2,704 


SOURCE: SURVEY BY KORN/FERRY INTERNATIONAL 
FEBRUARY 2005 


consider any 
of these: 4% 


Senior 
program director, 
human capital 

“a TUE uit 
7 


L(t.) 
Group Inc., Stam- 
ne ford, Conn. 
One of the biggest 

PERM tC ercmUr Url i 
these days is the lack of succes- 
sion planning both for technical 
line workers and for the next gen- 
eration of junior and midlevel IT 
TEE eM RUPEE Rs 

The problem is expected to 
Tn CeM BEN me Ht CmO\ (18 
the next 10 years as many baby 
boomer IT workers reach retire- 
Tat ee am Pe le 
enter the market, she says. 

Schafer spoke with Computer- 
Oe eM EMO lett 
the pending problem and steps 
UF eM Cnt ce ele R sme L ile] 
BOR gcsoe 


Are IT organizations unprepared to deal 
with the changing workforce dynamics 
that are expected to occur over the next 


Management consistently deadens the 
natural enthusiasm that new employees 
bring to their jobs, according to the book The 
Enthusiastic Employee: How Companies Profit 
by Giving Workers What They Want (Wharton 
School Publishing/Pearson, 2005). According 
to research by authors David Sirota, Louis A. 
Mischkind and Michael Irwin Meltzer, employ- 
ees’ enthusiasm declines by up to 15% 
after they have gained more than six 
months on the job - and it never recovers 
to the original level. 

The authors cite several reasons: 

= Management's policies are aimed toward 
the troublesome 5% of employees rather than 
the good 95%. 

= Managers are often indifferent to those 
they manage. 


= Companies have been too quick to respond 


to adverse business conditions with layoffs. 
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several years? Ten years from now, we're 
going to be facing a big potential gap. Senior 
management hasn't done a good job with 
succession planning. We just don’t think in 
long-term horizons in the U.S. like they do in 
Japan and Germany. 


What steps should IT executives be tak- 
ing to address this? This concept of suc- 
cession planning has to be made more of an 
ongoing process and has to extend down the 
chain farther than it has in most places. It's 
about identifying who your next set of leaders 
is, not just at the executive level but also proj- 
ect managers and project leaders. That's how 
you create opportunities for people at these 
levels: putting in place some development 
activities for a structure and path for them 

to follow. 


What else can be done? One thing | often 
hear from IT management and HR people is 
how there’s an unwillingness among IT work- 
ers who have been in certain positions for a 
long time to explore reskilling or new training. 
It comes back to this whole idea of creating a 
continuous learning environment. IT manage- 
ment and HR can help here. That means de- 
veloping a more strategic orientation from a 
variety of constituencies. What the individual 
IT worker needs to do is to be open and to 
communicate that openness to learning new 
types of techniques to help increase their val- 
ue to the organization. Companies want peo- 
ple who have skills that go across a variety of 
areas. @ 53233 


“It's hard for people to be enthusiastic about 
an organization that is not enthusiastic about 
them,” says Sirota, the book's lead author. 
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innovation to exceed customer need. 
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HTML content optimization, contextual 
ads, search engine marketing, localiza- 
tion, search-term research, successful 
site architecture, Web server issues 
and measuring success. 
www.jupiterevents.com 
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Sponsor: MobileTrax LLC 

Topics include managing mobile and 
remote assets and new paradigms in 
wireless data. Also scheduled are live 
demonstrations of mobile computing, 
wireless data hardware devices and 
software applications. 


| 
| 
| 





www.mobiletrax.com 


PAUL GLEN 


The Wages of Fear 


N THE CIRCLES OF POWER, fear is often 
admired as a potent motivator. In his classic 
discourse on power politics, The Prince, Niccolo 
Machiavelli offered the following thoughts on 
the question of whether it is better for a leader 


to be feared or loved: 


“If we must choose between them, it is far safer to 
be feared than loved. For of men it may generally be af- 
firmed, that they are thankless, fickle, false, studious to 
avoid danger, greedy of gain, devoted to you while you 
are able to confer benefits upon them, and ready ... 


while danger is distant, to 
shed their blood, and sacri- 
fice their property, their 
lives, and their children 
for you; but in the hour 

of need they turn against 
you.” 

So naturally, he would 
have considered occasion- 
al, small-scale cruelty justi- 
fiable and wise when it in- 
spired fear and enabled a 
prince “to keep his subjects 
united and obedient.” 

Ethical issues aside, this 
seems to work reasonably 
well, at least for a while, if 
your goal is to control the 
behavior of a population, 
quell social unrest or sup- 


press dissent. But if your goal is to lead 


a group of knowledge workers to peak 
productivity, this may not be a recipe 
for success. 

As a consultant and speaker, I 
have the privilege of peeking into 
many companies, associations and 
IT departments. Within each, one can 
discern subtle attitudes, beliefs and 
emotions regarding their leaders. 

In organizations where the leader- 


ship either deliberately or inadvertent- | 


ly cultivates fear, I’ve observed some 
interesting patterns. Few of them are 
particularly helpful for the organiza- 
tion or its leaders. 





Creative energy is misdirect- 
ed. There seem to be limits 
on the creative energy of 
any group. Onlysomany | 
hours a day are really pro- 
ductive for generating the 
best answers to the impor- 
tant questions at hand. 
When a group comes to 
fear its leadership, a great 
deal of that creative energy | 
is siphoned off into ques- 
tions of how to mollify the 
manager rather than how 
to support the organization 
with technology. 

The staffers focus their 
attention on what they 
feel are basic issues of per- 

; = sonal security rather than 
on organizational accomplishment. If 
an employee is worried that you might 
publicly humiliate her because she 
forgot to use the official corporate 
PowerPoint slide template, then she’s 
diverted some of that vital energy 
away from the valuable content. 

Offhand remarks are transformed into rigid 
policies. One way for staffers to avoid 
potential confrontations is to try to get 
decisions made in informal chats. 

Imagine that you are the scary boss. 
You're walking through the hall, and a 
subordinate tells you, “We're going to 
send you a status report on Friday.” 
And you say, “Sounds great; the morn- 





"ARE YOU A SCARY BOSS? 


ing is best,” because you'll be leaving 
early to visit your grandmother in 
Schenectady. 

Next thing you know, every project 
manager in the organization is grum- 
bling, angry and upset, because 
they’ve all heard that there is a new 
policy that EVERY PROJECT MUST 
HAVE A STATUS REPORT DELIV- 
ERED TO THE BOSS BY NOON 
EVERY FRIDAY ... OR ELSE. There 
are whispers in the hall, “How come 
we can’t turn them in Monday? Why 
can’t we use the weekend?” 

The pressure builds until someone 
eventually breaks and blurts out his 
frustration and incredulity at a public 
meeting, and you're left slack-jawed 
wondering how this all started. 

No one wants to talk to the scary boss. 
You’ve announced an open-door poli- 
cy. All staffers have an open invitation 
to come to your office to discuss 
anything troubling them. Yet, on 
those rare occasions when you're 
not in a meeting, you could hear crick- 
ets chirping to the gentle whine of 
your hard drive. No one wants to 
talk to you. 

Before long, you don’t really know 
what’s going on. The staff has spent its 


| creative energy constructing a rosy 


picture of reality, presented in the 
most formal settings, designed to 
avoid your wrath. 

And, sadly, you’re probably smart 
enough to know that you’re being 
snowed, but you don’t know quite 
how to break through to these people. 
Eventually, your frustration comes out 
in a burst of anger — and the cycle 
begins again. 

These are among the wages of fear. 
On the good side, the staffers have 
been unified. On the bad side, they are 
probably unified against you. @ 53263 


There are a number of reasons why your staff might be 
afraid of you. Go to our Web site to learn more: 


QuickLink 52678 
www.computerworld.com 





Featured Editorials 


IT Careers offers you information 
on the most relevant career 
management topics relative to 

IT recruitment. 


Here’s what’s coming up next: 


Apr 18: 
Women in IT Careers 


May 2: 
Information Security 


IT|careers 


Be sure to take advantage of this great 

opportunity to brand your company or 

display your recruitment message in IT 
Careers amid these specialized editorials 


Contact us: 
800-762-2977 


Visit us at: 


www.itcareers.com 
Powered By: 


© Career Journal.com 


pow THE WALL STREET JOURNAL 


Computerworld - InfoWorld - April 4, 2005 


IT|careers 


Software Engineer will be 
responsible for the design and 
development of real-time energy 
systems software based on 
existing requirements. Will de 
sign, develop, implement and 
maintain a billing engine with the 
ability to cope with any utility tar 
iff and produce bills. Will add 
functionality to existing software 
system and enhar the stabil 
ty of the system. Will maintain 
the systems environment in the 
company's laboratory and on 
Production and staging servers 
Requires B.S. or equivalent in 
Comp. Sci. or Comp. Eng. and 
two (2) years exp. in job offered 
or two (2) years exp. in the 
development of energy systems 
software. Candidate must also 
possess demonstrated expertise 
programming r Visual ¢ 
Visual Basic >; demo: at 
ed expertise with billing and tar 
iffs in the utility industry; and 
demonstrated expertise in 
ware development using tools 
such as Source Safe, Rational 
Rose, Java or J2EE. Salary 
$58,275/yr; M-F, 9:00AM-5:0C 
PM. Submit two (2) copies of 
resume to Case # 200300736 
Division of Career Services 
Labor Excha Office, 19 
Staniford St., 1st Fi., Boston, MA 
02114. EOE. Applicants must be 
U.S. workers eligible to accept 
employment in the United States 
on a full-time basis. 


Comp: S/W Engrs (hvg Mast 
Deg w/2 or Bach Deg w/5 yrs 
exp) & Progmr Analysts 
wiexp req'd. Exp must incl 
combinations of C++, .Net. 
Java, PB, SAS, SAP, People- 
soft, Siebel, Informatica 
BusinessObjects, Documen 
tum, Cognos, Oracle PL 
SQL, Oracle DBA, Clinicals 
Sybase, DB2, Linux, Unix & 
Windows NT. Millennium 
Information Tech 666 
Plainsboro Road, STE 455 
Plainsboro, NJ - 08536 


Specialist, Computer Apps 
Florida Atlantic University, Boca 
Raton, FL .Designs, Develops 
and customizes applications 
that interact with relational data 
bases(SQL Server, Oracle & 
MS Access).MS in MIS /CS + 1 
yt exp. Req'd 1 yr of adv pro- 
gramming exp (UNIX & win 
dows) developing database 
based apps. Position #981472 
For further details, application 
instructions, & complete job 
description, please visit our 
website at http://personnel.fau 
edu/Employment/Jobs/APList 
asp#2150 or call 561-297-3058 
(Voice/ TTY) EO/EA 


PROGRAMMER/BUSINESS 
ANALYSTS (Woodbridge, New 


Jersey) - Knack Systems 


Databases; ET 
and deve 
op new 
source systems to data ware 
house, undertake 
ing, and deploy t 
gence/informatior 
ions by using 
SQL, COBO! 
, Erwir 
Analyst 

strong RUP methodology. 
and use case exp, Develop and 
implement test plans; Gather & 
Analyze Business Require 
ments, develop systems require 
ments; Design and document 
procedures and work flow; build 
business proce c ch & 
data manage 
Full time, direct hire, salary com 
mensurate with exp., full bene 
fits pkg. Ema resumes to 
HR@Knacksystems.com or mai 

> 1 Woodbridge Cen 

335, Woodbridge, NJ. 


Analyst for specialty finance Co 
Miami to analyze 

tems infrastructure 

data consistency, revenue 

pipeline reports. F/T position M 

F pays market level salary 

Applicants with Bachelor's in |.T 

with strong backgr 

Finance+1 yr 

resumes only 

Res. Bayview 

4425 Ponce De Leon Bivd 


floor, Coral Gables, Fic 


Hyland Software, In seeks 
qualified Database Consultants 
(DBC), Programmers (PROG 
Computer Support Specialists 
(CSS), Computer Sales Rep 
(SALES) and Software 
Engineers (SE) to work in 
Cleveland, OH. Please apply 
online at http://jobs.onbase.com 
must reference Job Code where 
indicated to be considered or 
send resume to HR Department 
28500 Clemens Road 
Westlake, Ohio 44145. Must ref 


[ode in cover letter. 


Online Recruitment 
Opportunities 


Post your recruitment message on itcareers.com 
and reach highly qualified IT professionals with 
the hard-to-find skills you need 


Corporate memberships 

Job posting packages 

Resume database 

Single job posting 

Integrated print/online packages 


Cail us today for rates and additional 
advertising opportunities! 


iTicareers 
800-762-2977 


www.itcareers.com 


D> areer ir oe 








IT|\Careers 


Project Manager (Orlando, 
FL). Expanding hospitality 
and business management 
company seeks software pro- 
fessional to plan, manage, 
and maintain various Internet 
and business system projects 
through project life cycle 
Prior project and resource 
management experience uti- 
lizing web/Internet technolo- 
gies helpful Competitive 
salary. Mail resume to Avista 
Management Inc 5353 
Conroy Road, Suite 200 
Orlando, FL 3281. Attn: Sofia 
Barnes 


Software Engineer (Orlando, 
FL) Technology company 
seeks software professionals 
to develop, and manage net- 


g knowledge of 
JavaScript, C, C++, PASCAL, 
HTML, CISCO 7204, Real 
Media Technology and ONS 
Server. Extensive Knowledge 
in ColdFusion, SQL Server 
2000, Netscreen Firewalls, 
and BIG-IP Loadbalancers 
preferred. Competitive salary. 
Mail resume to Avista 
Management _ inc 5353 
Conroy Road, Suite 200, 
Orlando, FL 32811. Attn: Sofia 
Barnes 


SAP FI CO Analyst. Bachel- 
or's degree in BA or CS and 
4 years of related experi- 
ence. Must have SAP Bus- 
iness One experience. Mail 
resume to Attn: Resumes 
PSD Consultants, LLC 
2218 McClendon St., Suite 
5, Houston, TX 77030- 
2020. Refer to job code 
NLO001 when applying 


Software Engineer: Perform 
client-server application devel- 
opment using C/C++, Delphi, 
SQL and xBase languages on a 
UNIX platform; participate in the 
analysis and design of new serv- 
er applications; investigate. 
solve issues and provide main- 
tenance to existing server appli- 

design and develop 

interfaces between 
remote client-server applica- 
tions; perform standalone Win- 
dows and UNIX application 
development using object orient- 
ed languages including C++ and 
Delphi; participate in project life 
cycle development and provide 
status updates on project activi- 
ties; perform analysis and 
research of any given enhance- 
ments proposed to existing serv- 
er applications; perform coordi- 
nation, preparation and delivery 
of server releases and patches. 
Requires a Bachelors degree in 
Computer Engineering or Com- 
puter Science and either 2 yrs. 
experience in the job offered or 
2 yrs. experience in client-server 
application development using 
C/C++, Delphi, SOL and xBase 
languages. Salary is 63,000/yr. 
40 hrs/wk, 8 AM to 5 PM, Mon.- 
Fri. To apply submit 2 copies of 
resume to: Case# 200300612 
Division of Career Services 
Labor Certification Unit, 19 
Staniford St., 1st floor, Boston, 
MA 02114 


Info. System Manager 
direct & coordinate info sys- 
tems and computer pro- 
gramming for tech firm, MA 
Degree & 2 yrs exp req'd; 
Job at Enlightened, Inc 
Washington, DC; cover let- 
ters & resumes to 
Enlightened, Inc., 666 11th 
Street, NW, Suite 620, 
Washington, DC 20001 
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Continued from page 1 
Comdex 


America in Secaucus, N.]J., said 


that in the early 1990s, Comdex | 


was the place “to see the latest 
and greatest technologies that 
were rapidly rolling out.” 


But that changed as Comdex 


showcased mundane acces- 
sories such as mouse pads. 
“The event became over- 
whelming, and the value was 


diluted,” Schwartz said, adding | 


that he stopped attending and 
watched as major sponsors 
and vendors bailed out. 

San Francisco-based Media- 
Live International Inc., which 
took over the show in 2003, 


said this year’s planned edition | 
was canceled because of a con- | 


tinuing lack of interest and fi- 
nancial commitments from 
major IT vendors. The same 
problem drove MediaLive to 
give up on Comdex last year 
(QuickLink 47727], but the 
company said then that it 
would try again this year. 


Continued from page 1 


OS Update 


include a built-in firewall, 
Network Access Quarantine 
Control components to isolate 
out-of-date virtual private net- 
work assets, and a wizard that 
gathers information about the 
roles of servers and blocks 
services and ports that aren’t 
needed. 

“That’s great, because we 
don’t have to integrate it all 
piecemeal. It comes all at 
once,” said Jonathon Adding- 
ton, a network administrator 
at sporting goods equipment 
manufacturer K-2 Corp. in 
Vashon, Wash. 

Addington said that in some 
cases, K-2 has already brought 
in third-party products to pro- 
vide some of the functionality 
that Microsoft is adding in 
SP1. But the prospect of not 
having to buy other products, 
such as firewall hardware, is 


t two week 





Dwindling atten- 
dance has also been 
a factor. About 
40,000 people at- 
tended the show two 
years ago, down 
from some 200,000 
in its heyday. 

A spokesman for 
the show couldn't be 
reached for com- 
ment despite several 
attempts. In a state- 
ment, MediaLive said it has 
made “significant progress” in 
working with vendors and 
other parties to rethink 
Comdex. MediaLive still 
hopes to bring the show back 
to life in 2006, but it noted 
that “considerable work” 
needs to be done first. 

“At least for the time being, 
the need for a general indus- 
try-pat-on-the-back type show 
like Comdex is not here,” said 


| Charles King, an analyst at 


Pund-IT Research in Hay- 
ward, Calif. But that could 


| change at some point, he 


added. “These things tend 


enticing. “It could save a great 


deal of money,” Addington said. 
However, that won’t provide 


any relief for past investments 
that were needed to fill the 
voids in Windows Server 
2003, noted an infrastructure 
support director at an insur- 
ance company who asked not 
to be identified. Microsoft 
“came late to the security par- 
ty,” he said. “It’s hard to thank 
the car dealer for delivering 
the tires today when the car 
was bought years ago.” 

The Security Configuration 
Wizard in SP1 gives compa- 
nies new capabilities to hard- 
en their systems against at- 
tack, but the insurer has al- 
ready tackled that on its own. 
The support director there 
said he’s not sure that aban- 
doning the company’s proven 
methods in favor of Micro- 
soft’s tools would provide bet- 
ter protection. 


Microsoft initially said Win- 


dows Server 2003 SP1 would 


hn. 48106. C 
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to go in cycles.” 
Michael H. Hugos, 
CIO at Network Ser- 
vices Co. in Mount 
Prospect, IIl., and a 
Computerworld 
columnist, said he 
last attended the 
show in 1998 and 
wasn’t planning to 
go this year. “It had 
very little relevance 
to me because it 
| tried to reach such a broad au- 
| dience that the whole event 
| became very unfocused,” he 
| said in an e-mail message. 
| “In the early days of the PC, 
Comdex was really focused on 
just the PC, and it was the 
| place to go to see the latest ad- 
| vances in PC technology,” 
| Hugos wrote. “After the late 
| ’90s, it was no longer worth 
my time.” 
David Lewis, CIO at Deseret 
| Mutual Benefits Administra- 
| tors, a Salt Lake City-based 
| nonprofit that administers 
| welfare and financial benefits, 
| last attended Comdex about 


| 
| 
| 





| ship in the second half of last 

| year. But when the company 
marshaled its resources be- 
hind Service Pack 2 for its 

| Windows XP operating sys- 

| tem, that disrupted the sched- 

| ules for other Windows re- 
leases, according to Al Gillen, 
an analyst at IDC. 

Gillen said the delay on 

Windows Server 2003 SP1 

| didn’t have a critical impact on 
most corporate IT shops be- 
cause Microsoft has released 

| some security enhancements 


NEW FEATURES 


Security Configuration Wizard: Gathers information about server 


15 years ago. “I now focus on 


| ClIO-level discussions” at 

| more-targeted conferences, he 
| said via e-mail. “My issues are 
| more strategic than specific 


vendor solutions, although 
those are still important.” 
Lewis added that the show 
was never a “must attend” 
event for him. “If we wanted 


| to see a particular vendor's of 


ferings, there are other ways 
to see them,” he said. 


| Vendor-driven Event 


| Bold Vision LLC, an IT con- 





Bruce Barnes, a principal at 


sultancy in Dublin, Ohio, said 


| Comdex was useful a decade 


ago and agreed with others 
that it lost its way. 
“One of the largest telling 


| tales is the fact that the orga- 
| nizers have tried to revive the 


event by creating an advisory 
board of vendors,” Barnes 
said via e-mail. MediaLive 
should ask users for input, 


| he added. 


But Jim Speer, director of 
information systems at Mesa, 


along the way. Also, the initial 


| software was more secure out 
| of the box than the typical 


Windows release is, he added. 
Yet even companies that 


| have regularly patched their 
| systems should look at in- 
| stalling SP1, according toSamm | 


DiStasio, director of product 


| 
management in Microsoft’s 


| as part of SP1 to address the 


Windows Server division. He 
said Microsoft made changes 


root causes of certain classes 
of attacks, and those tweaks 


roles and blocks unneeded services and ports. 


Windows Firewall: Allows networkwide end-user access control through 
Active Directory's Group Policy feature. 


Postsetup Security Updates: Blocks ail inbound connections after instal- 
lation until Windows Update has downloaded the latest security updates. 


Internet information Services §.0 Metabase Auditing: Lets |T admini- 
strators identify potential malicious users if the data store becomes corrupted. 
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Ariz.-based Talley Defense 
Systems Inc., said he’s disap- 
pointed that Comdex was can- 
celed for another year. 

Speer said he has sent his 
entire staff to the show in the 
past and was waiting to see 
about this year’s event. “My 
feeling was that we needed to 


| go every couple of years,” he 


said in an e-mail. “It appears 
that it is in trouble.” 

Comdex has been “one of 
the only shows that gives my 
people a chance to get a view 
of a lot of new technology in 


| one place,” Speer added. “The 
| difficulty was that it was very 


big and it was hard to see 
| everything.” 


Speer said he still thinks a 


| reconfigured Comdex could 


be useful for corporate IT at- 


| tendees, but only if MediaLive 


makes big changes. “We need 


| technology shows that edu- 
| cate, and Comdex had that po- 
| tential,” he said. “It moved 


| away from that 


... The last 


| show I attended felt more like 


| a flea market.” @ 53527 


| aren’t incorporated into the ex- 


isting patches. 
One major concern for 


| users deploying any operating 


: = > z @BPA ABM *, 


| system update is application 


compatibility. To that end, Mi- 
crosoft has tested more than 
125 applications with SP] and 
plans to post a document on 
its Web site to show the find- 
ings, DiStasio said. 

Some beta testers spotlight- 


| ed by Microsoft said they have 


seen only minor problems, and 
they were quickly resolved. 
For instance, the IT depart- 
ment of the government of 
Fulton County, Ga., hit a “cou- 
ple of bumps” last year while 


| testing SPI on 30 servers. But 


Russell Mobley, an assistant 


| director of IT for the county, 
| said staffers encountered no 
| problems deploying the final 


release on 100 production 
servers running Exchange, 
file-and-print and directory 
services, and various depart- 
mental applications. @ 53526 
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Listen Up, Mark 


ARK HURD, you're about to take over as CEO at 
Hewlett-Packard, and every IT industry blowhard is 
talking about you like you weren’t in the room. He’s 
a small-timer from dinky little NCR. He’s a Wall 
Street darling who quadrupled NCR’s stock price. 
He’s a cost-cutter who doesn’t do R&D. He’s a great fit. He’s a lousy 


fit. He’s a mystery man. 


You’re going to hear a lot of advice, and a lot of verdicts on how 
well you’ll do from people who never heard of you a week ago. 
And, yeah, you’re about to hear that from me, too. First the advice: 

Listen. Listen. Listen. Then execute. 


Look, you’ve inherited a mess. What Carly 
Fiorina was good at was stretching HP in all 
directions. HP swallowed Compag, including 
Digital Equipment and Tandem. HP jumped 
into consumer stuff in a big way, selling TVs, 
music and satellite radios. 

HP’s corporate culture also got stretched out 
of shape. Fiorina arrived late in the dot-com 
boom, when the low-key, engineering-focused 
“HP Way” seemed like a quaint anachronism. 
She left at the tail end of the worst IT downturn 
ever. In between, lots of HP people felt like they 
got run over by a truckload of bad ideas. 

First of all, listen to those HP people. You’re 
an outsider. You don’t know where the bodies 
are buried in Palo Alto, where the problems lie, 
where the untapped strengths are. You'll learn 
some of that from the top HP execs you decide 
to trust. But that’s not enough. 

So if you don’t revive anything else of the HP 
Way, try what Dave Packard called “manage- 
ment by walking around.” Hit the hallways. 
Show your face. Keep your ears open. Talk with 
some of the 150,000 HP employees without 
whom you're toast — and listen. 

Next, hit the streets. HP isn’t 
NCR; you know that. HP’s big cus- 
tomers have their own expectations, 
preferences and needs. And they’ve 
been waiting for you. Do a little 
talking and a lot of listening. Let 
them see that the new guy isn’t such 
a mystery. Pay attention to what 
they ask for, and also to what they 
don’t ask for. Make no assumptions. 
Ask questions. Listen. 

Then take what you know and go 
back to the board. They hired you 
because you worked miracles at 
NCR. But you can’t just sprinkle the 
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same operational fairy dust on HP. There’s no 
clear focus like the one NCR has on transactions. 
You'll have to decide which of HP’s jumble of 
directions, initiatives and ideas get the nod. 

So present a plan, based on what you’ve 
learned from employees and customers. Then 
listen. This board has been divided against 
itself. You need the board’s unified support. 
Listen. Adjust. Keep listening. 

Finally, execute. You know what you were 
hired to do. “Operational efficiency” means cut- 
ting costs, some of which are attached to warm 
bodies. In the short term, “driving shareholder 
value” means the same thing. A lot of that lis- 
tening is to make sure that you cut the right 
costs in the right places. 

But it’s also so you'll be ready for the next 
step: delivering what customers want. That re- 
quires finding your own focus for the mess that 
is HP. You weren’t really hired for that, but it’s 
where the real miracles need working at HP. 

Can you do it? I have my doubts. HP’s prob- 
lems aren’t just operational, they’re structural. 
You're facing a big pile of undigested initiatives 
and hamstrung by a board that wants stability 
right now. Frankly, I think you'll 
succeed at the cutting and fail at 
the focusing. Once you’ve chopped 
away at the HP jungle for a while, 
you'll be dumped. 

Prove me wrong. Make it work. 
That’s what HP’s employees want, 
and its shareholders, and most of all 
its customers. Your success means 
their success. If you win, every- 
body wins except the naysayers. 

So listen, listen, listen, and exe- 


anymore. @ 53485 
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Think Like a User 
User: “I forgot my ID to log into the network.” Support 
pilot fish: No problem, sir - it's just your name. User: 
“How do you mean?” Fish: Your ID is your first initial 
plus your last name, up to a maximum of eight charac- 
ters. User: “But how did I spell it?” 

a pilot fish 


Honest! 

Sales guy wants watching it all. 
IT manager pilot SHARK “He was con- 
fish to remove a TANK». cerned that 

word from his people using 
spell-check dictionary. = the monitor would be 

What word? Lie. “When : able to see what had 

I realized he was seri- = been on his screen.” 


ous, | asked what was | 


wrong with that word,” 
fish says. “He saidhe — : Remote user is having 
meant to type the word: trouble with a spread- 
like, but he inadvertently : sheet program. | can’t 
dropped the ‘k’ and the: get to the data in one 
spell checker didn’t warn : field because there's a 
him. So if we took fie —_= picture of little people 
out of the dictionary, this : holding hands, she telis 
wouldn't happen again!” support pilot fish. Little 
: people holding hands? 
The Reason Why : “Lhept trying to find out 
This laser printer suffers : what she was looking 
lots of paper jams and _ at,” fish says. “I finally 
appears to be in pretty : realized her cell had too 
rough shape, so it’s : much data in it and was 
scheduled for replace- _: filled with asterisks in a 
ment. “Of course, before : row that looked like stick 
the replacement was people to her - all hold- 
ready, we were called, = ing hands.” 
once again, to fix a pa- 
per jam,” says pilot fish | Not to Milspec 
on the scene. “This time : Pilot fish has worked at 
we must have asked the | small businesses for 
correct troubleshooting : years, until he’s hired as 
question, because the: a sysadmin at the Penta- 
user’s response was, ‘No : gon. “Not long after | 
matter how hard | hit it, : was hired, a co-worker 
it still won't work." ” | and | were working on a 


: knotty problem getting a 
Woon Par _ switch configured,” says 
Part 
User gets a new flat- 


| fish. “After a long strug- 
_ gle, he finally got it 
screen monitor, and his solved. | cheered and 
old CRT is being handed poor hess 
down for use with anoth- : You are the bomb!’ He 
er machine. But he’s not : looked at me and said 
happy. “As the tech was : that now that | was em- 
taking the monitor to its: ployed in the Pentagon, | 
new home, the user in- : might want to be a little 
sisted that the monitor more careful about what 
webcomsnrsdese8s i kind of slang | used.” 
 SHARKY TALKS THE TALK. Send me your true tale 
of IT life at sharky@computerworld.com. You'll snag 
a snazzy Shark shirt if | use it. And check out the daily feed, 
browse the Sharkives and sign up for Shark Tank home de- 
livery at computerworld.com/sharky. 
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+ ProtectTools: Security Manager, 
Credential Manager, BIOS Configuration 


* Intel 
730 


| 


invent 


Prices shown are HP Direct prices prices may vary. Prices 


HP Direct and participating HP resellers. A fters available ir nly. 1 
purchased service contract. Check with serv der for availability and coverage 
alitying HP Compaq nc6120 Notebooks P Compag tc? 100 Tablet PCs 
transfer rate may be up t VD media, the max transfer 
Pentium are trademarks or registered trademarks of Intel 


your area. Not all Web cont 
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orporation or its subsidiaries in the 


HP recommends Microsoft” Windows” XP Professional. 


HP COMPAQ tc1100 
TABLET PC 


$1,599 


$2,049-$450 Instant Savings=$1,599) 


Enhance your system 


+ Intel’ Centrino” Mobile Technology 


+ Intel’ Pentium’ M Processor ULV 


1.10GHz) HP IPAQ™ hx2750 
+ Intel’ PRO Wireless 22008G POCKET PC 
802.11b/g) es 


* Microsoft? Windows’ XP Tablet 
PC Edition 


+ 256MB DDR SDRAM 
+ 40GB (4200 rpm) Hard Drive 


* 1-year limited warranty 


PXA Proce 


* Protectlools: Security Manager, Optional 
Smart Card Security, Credential Manager 


Secure your HP notebook investment. Get Accidental 


Damage Protection for as little as $99/year or $169/3 years. 


www.hp.com/go/mobility6 


1-866-625-4734 
ois cheaalbeios MOBILE 
TECHNOLOGY 


your local reseller 


recipent’s address. Offers cannot be 
N infras ther B ices and act with a wireless airtime provider 
$, labor and next-business-day support. 
lay vary as follows 


te! inside, intel inside L 


1/05. 5. For hard 00 Drive data transter 


800 Kbps. Ac 


nited States and other countries 


y vary depending on m 
oft and Windows are 





Oracle Database 


World's #1 Database 
*"For Small Business 


Easy to use. Easy to manage. Easy to buy at Dell. 
Only $149 per user. 


ORACLE 


dell.com/database 
or call 1.888.889.3982 


Terms, conditions and limitations apply. Pricing, specifications, availability and terms of offers may change without notice. 
Taxes, fees and shipping charges extra, vary and are not subject to discount. U.S. Dell Small Business new purchases only 
Dell cannot be responsible for pricing or other errors. Oracle Database Standard Edition One is available with Named User 
Plus licensing at $149 per user with a minimum of five users or $4995 per processor. Licensing of Oracle Standard Edition 
One is permitted only on servers that have a maximum capacity of 2 CPUs per server 
For more information, visit oracle.com/standardedition 


Copyright © 2004, Oracle. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. 








